Date: Wed, 12 Aug 2015 16:57:36 -0500
From: JimF <>
Subject: Re: Formats using non-SIMD SHA2 implementations

On Wed, 12 Aug 2015 16:42:24 -0500, magnum <>  

> On 2015-08-12 15:26, Lei Zhang wrote:
>> Now I just finished episerver. I took a close look at the rest of the
> ...
>> - In clipperz, the salt has a maximum length of 128 bytes, which is
>> beyond the size of a single input block for SHA256. I've seen flags
>> like SSEi_2BUF_INPUT and SSEi_4BUF_INPUT. I guess I'll have to
>> quadruple the size of the vector buffer to accommodate the salt?
> Either that, or do it like in SAP G format (but that code is  
> unreadable). I never used SSEi_2/4BUF_INPUT but I'm sure Jim can provide  
> help if you get stuck.

Clipperz was never done, because the hashing crypts are such a small part  
of the overall runtime. I did look at this a little this morning, and it  
appears that the hashing code may be up to 10% of the runtime.  Most of  
the time is spent in the expmod, and that is not going to be optimized a  
whole lot better than with GMP.  So I never deemed the ROI on putting SIMD
into the clean and easy to read code as being a priority.  Also, at that  
time, I had limited experience doing multi-limb SIMD stuff.

One key thing to keep in mind is that having a mix of 1 and 2 limb crypts
is not good.  I do not know if this format could run into that situation,  
but likely it can.

If you need any help with this format, I can certainly help out.

NOTE, the first SRP done was wow-srp. It is very similar, but uses SHA1 as  
exponent setup.  It was not done using SIMD either.

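An added illustration, not part of this message and not John the Ripper's own code, of the "limb" arithmetic the thread is about. SHA-256 pads every message with a 0x80 byte and a 64-bit length, so salt||password fits in a single 64-byte block only while the two together are at most 55 bytes; a 128-byte salt therefore can never fit in one or even two blocks. The second half shows why a SIMD batch that mixes 1-limb and 2-limb inputs is unattractive: every lane runs the batch's maximum block count, so a lane whose input ended after block one either idles or must be fed a dummy block. The 40-byte salt, the password lengths, the lane count and the batch planner are constructed assumptions for the example, not clipperz parameters or the SSEi_2BUF_INPUT/SSEi_4BUF_INPUT code path.

```python
"""Added example (not from the message or John the Ripper): how salt||password
maps onto SHA-256 input blocks ("limbs") and how to keep each SIMD batch at a
single limb count.  All salts, passwords and lane counts are constructed."""
import struct

BLOCK = 64            # SHA-256 consumes 64-byte input blocks
PAD_OVERHEAD = 1 + 8  # 0x80 terminator plus 64-bit big-endian bit length


def sha256_pad(msg: bytes) -> bytes:
    """Pad msg as FIPS 180-4 does, so its length becomes a multiple of 64."""
    padded = msg + b"\x80"
    padded += b"\x00" * ((-len(padded) - 8) % BLOCK)
    return padded + struct.pack(">Q", len(msg) * 8)


def limbs(msg_len: int) -> int:
    """Number of 64-byte blocks a message of msg_len bytes occupies once padded."""
    return (msg_len + PAD_OVERHEAD + BLOCK - 1) // BLOCK


def longest_single_limb_password(salt_len: int) -> int:
    """Longest password for which salt||password still fits one block.
    A negative result means even the empty password needs a second block."""
    return BLOCK - PAD_OVERHEAD - salt_len


def naive_batches(messages, lanes):
    """Fill SIMD lanes in arrival order.  Every lane in a batch must execute the
    batch's largest limb count, so one long input drags the whole batch along."""
    return [(max(limbs(len(m)) for m in messages[i:i + lanes]), messages[i:i + lanes])
            for i in range(0, len(messages), lanes)]


def plan_batches(messages, lanes):
    """Group inputs by limb count first, then cut each group into batches of
    `lanes`, so no batch mixes 1-limb and 2-limb (or 2- and 3-limb) inputs."""
    groups = {}
    for m in messages:
        groups.setdefault(limbs(len(m)), []).append(m)
    return [(n, groups[n][i:i + lanes])
            for n in sorted(groups)
            for i in range(0, len(groups[n]), lanes)]


def compressions(batches, lanes):
    """SHA-256 compression calls executed: each batch costs lanes * limb count,
    occupied or not, because SIMD lanes run in lockstep."""
    return sum(lanes * n for n, _ in batches)


def demo_messages():
    """Constructed input: one 40-byte salt (clipperz allows up to 128) and
    passwords whose lengths alternate across the 55-byte single-block boundary."""
    salt = b"S" * 40
    lengths = (3, 20, 8, 25, 5, 18, 12, 30, 7, 16, 10, 40, 1, 22, 15, 19)
    return [salt + b"p" * n for n in lengths]


if __name__ == "__main__":
    for salt_len in (40, 128):
        print(f"salt of {salt_len} bytes: longest 1-limb password = "
              f"{longest_single_limb_password(salt_len)}, empty password needs "
              f"{limbs(salt_len)} limb(s)")
    msgs = demo_messages()
    print("per-candidate limbs:", [limbs(len(m)) for m in msgs])
    lanes = 4
    print("naive batching  :", compressions(naive_batches(msgs, lanes), lanes), "compressions")
    print("uniform batching:", compressions(plan_batches(msgs, lanes), lanes), "compressions")
```

Run it as a script to see the two batching costs for the constructed input; with a 128-byte salt the first loop shows that even an empty password already spans three blocks, which is the situation Lei's question about enlarging the vector buffer is about.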