Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 10 Aug 2013 23:30:14 +0200
From: Katja Malvoni <>
Subject: Re: Parallella: bcrypt

Hi Alexander,

On Sat, Aug 10, 2013 at 2:48 PM, Solar Designer <> wrote:

> Here's further advice on this: use $2a$00 hashes - that is, with only
> one iteration of the (otherwise) most costly loop.  These are not
> exactly valid bcrypt hashes (the original implementation imposes a
> minimum of 04 for the cost setting), yet you may use them for quicker
> testing, as well as to stress-test the host-Epiphany communication.

I did that and I can't make it fail... I used to
generate $2a$00 hashes (removed self test and commented out "if (setting[0]
!= '$' || ... || setting[6] != '$') return NULL;" in BF_crypt()). I
generated 5 million random strings, read one by one and called BF_crypt()
with setting "$2a$00$XXXXXXXXXXXXXXXXXXXXXO". Than wrote string and hash in
new file. I used that file to compute and check hashes on Parallella. I
modified parallella_bf_fmt.c (added main, removed get_hash, get_binary and
cmp functions, removed valid function) and used same Epiphany code as in
JtR. In main, file that contains strings and hashes is read line by line.
64 lines are read (32 keys and 32 hashes), keys are set and crypt_all is
called. After that, BF_decode() is used on 32 correct hashes (generated
using crypt_blowfish.c) so that correct hashes can be compared with hashes
computed by Epiphany. Only one salt is used for all hashes and first 64
bits are checked as in JtR.
I also tried keys longer than 72, it didn't fail. And I tried with 800000
hashes and other shorter tests, it passed all of them.

Except those, I also did tests using $2a$04$ hashes generated with Most of tests
were short, longest one had 80000 hashes. In this case all salts were
different and same hash was computed on every Epiphany core to check
whether all cores return same result.

Since it haven't failed yet, I guess I'm not testing it like I should.


Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.