Date: Thu, 04 Jun 2015 16:22:22 +0200
From: magnum <>
Subject: Re: Interleaving of intrinsics

On 2015-06-02 13:01, Solar Designer wrote:
> Would it be reasonable for us to try my usual approach, with separate
> variables at the outer scope (inside the hashing function, but not
> inside the individual steps)?  And if those are in fact separate
> variables rather than array elements, this implies manual or cpp level
> loop unrolling.

I tried this out with MD5 and SHA256 in a topic branch. It doesn't seem 
to make any difference compared to loops and arrays.

Also, other tests (before that) indicate per-line loops vs. block loops 
for interleaving does not make any difference either, at least not for 
gcc. Perhaps it does for icc (as tested on super), but all results are 
so fluctuating and inconclusive I just get more confused the more I 
test. Perhaps turbo boost and stuff are playing up.

Perhaps Lei can make some conclusions from generated asm code. I think 
that's the only way of telling what actually happens.

Maybe we underestimate the compilers. I'm starting to think MD4 and MD5 
interleave fine, poorly coded or not, while SHA1/SHA2 formats simply 
do not interleave well regardless of coding. If that's the case it 
would be a relief in a way: We could just keep the readable and 
straightforward code...

