Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 23 Mar 2011 14:38:26 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: GSOC - GPU for hashes

Hi Thomas,

I'm sorry for the delay in responding to you specifically.  I assume
that you've read other messages in the thread, which might address some
of your would-be questions.

On Sun, Mar 20, 2011 at 07:14:18PM +0100, Thomas Bertani wrote:
> In the past I have used CUDA as a way to speed up the dtw algorithm
> computation and now I'm really interested in the following tasks:
> 
> - GPU for slow hashes
> - GPU for fast hashes
> 
> Actually CUDA is still the best way to do gpgpu as openCL is a much younger
> project so CUDA is more mature. However also using openCL could be a choice
> to consider.

Sounds fine.  Another thing to consider is that, quoting Marc Bevand,
current "AMD GPUs are roughly 2x-3x faster than Nvidia GPUs on ALU-bound
workloads":

http://blog.zorinaq.com/?e=42

Low-level stuff, which we'll need for bitslice DES too (the BFI_INT
instruction will be important for implementing DES S-boxes):

http://blog.zorinaq.com/?e=43

Comparison of different GPUs:

http://golubev.com/gpuest.htm

Yet I am fine with us starting with CUDA.  It may very well be the easy
first step that we need to take.

> Is there any further step I can do to go deep into the gpgpu related tasks?

I suggest that you try to implement one of the slow hashes and have JtR
use it.  This can be any one of the Unix crypt(3) flavors, MSCash2
(perhaps just the PBKDF2 portion of it, leaving the rest for CPU), or
phpass "portable" hashes.

MD5-based crypt(3) and phpass "portable" hashes are easy targets.

DES-based crypt(3) is harder to implement efficiently, although we'll
need to do it (bitslice, of course).

PBKDF2 should be easy and efficient, whereas Blowfish is apparently
hard/unreasonable to implement on GPUs at this time:

http://www.golubev.com/blog/?tag=pbkdf2
http://en.wikipedia.org/wiki/PBKDF2

This means that if you want an easy first target, MSCash2 is a better
choice than Blowfish-based crypt(3).  And we'll have other uses for
PBKDF2 (also WPA, FileVault, keychain to name some popular requests).

For info on MSCash2, see:
http://openwall.info/wiki/john/MSCash2
and a newer revision of the code in 1.7.6-jumbo-12.

SHA-crypt should be easy for the SHA-256 based flavor of it, but harder
for the SHA-512 based one (64-bit operations, which I guess you will
need to split into pairs of 32-bit ones, with carry? or do bitslice).
The SHA-512 based flavor is far more common (and thus more important for
us to support well).

http://www.akkadia.org/drepper/SHA-crypt.txt

Please let me know if you decide to approach some of this and if you
have any further questions/comments.

Thanks,

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.