Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 01 Feb 2011 11:27:31 +0000
From: Freddie Witherden <freddie@...herden.org>
To: john-users@...ts.openwall.com
Subject: Re: FreeBSD crypt() / MD5-crypt implementation question

On 01/02/2011 08:54, Milen Rangelov wrote:
> Hello,
> 
> The "andnot" optimization won't work on GPUs as they don't have a PANDN-like
> instruction in their ISA - neither AMD, nor Nvidia. I've been playing around
> with this and found out the xor versions to be faster. Speaking about
> optimizations, on 5xxx ATIs there is a single "leftrotate" instruction
> (bitalign) that is 3 times faster than the "two-shifts, one or" version.
> Newer Nvidia hardware has fused SHL+ADD instruction which also helps, but
> not as much as bitalign on ATI.
> 
> AMD ISA has BFI_INT which is a single instruction that does practically the
> exact same thing as the F and G transformations. Unfortunately, AMD did not
> expose BFI_INT to IL and it's rather useless at present. That would give a
> nice 15% speed boost for MD5 (perhaps even more if hash reversal is
> performed, which unfortunately is not possible for md5crypt).

That's interesting.  Do you have any experience with the higher-level
languages/compilers (CUDA C/OpenCL) and how they perform?  I ask as x86
compilers are generally quite good at spotting and optimising bit
manipulations (endian swapping macro => bswap; "two-shitfs, one or" =>
ror).  It would indeed be nice if a single OpenCL kernel could take care
of current and future AMD/Nvidia hardware without needing to hand-tune
code for different ISA's.

I've looked at a few CUDA MD5 implementations (although not MD5 crypt,
just raw MD5) with the performance on my 295 GTX varying from ~100
("CUDA MD5", Mario Juric, GPL v2) Mhash/s to ~600 Mhash/s ("oclHashcat",
blob).  "MD5 Crack GPU", LGPL v3, will do ~400 Mhash/s and I am yet to
benchmark BarsWF.

Polemically yours, Freddie.


Download attachment "signature.asc" of type "application/pgp-signature" (268 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.