lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 10 Jan 2014 14:47:36 -0500
From: Bill Cox <>
Subject: Re: [PHC] ASICs (Re: [PHC] What's your favorite entry so far, and why?)

On Fri, Jan 10, 2014 at 9:38 AM, Solar Designer <> wrote:
> On Fri, Jan 10, 2014 at 08:40:40AM -0500, Bill Cox wrote:
>> A 20nm ASIC will cost you millions just to get your first part.
> BTW, on ASIC costs:
> "ASIC design costs ranges from $500K to $100M depending on who you talk to."

He's right, but it depends on the process node and complexity of the
ASIC more than "who".  A .18u low complexity ASIC can still
occasionally be done for $500K, but you wont get any decent on-chip
memory density or speed in that process.  I'm working making .35u
mixed-signal semi-custom ASICs 10X cheaper than that.  However, the
mask costs alone at 20nm are still > $1M, SFAIK.  ASIC companies
always budget for at least 2 sets of masks, in case of mistakes.

> "Getting fed up with hyper inflated ASIC costs quoted by some pundits.
> $160M for 20nm ASIC!? Off by factor of 10-100!"

Altera marketing is notorious for inflated numbers.

> There's also this curious option inbetween FPGAs and ASICs:

I actually designed a lot of the original eASIC architecture :-)
While I'm a self-professed crypto-dabbler and password hashing noob, I
actually am an expert at FPGA and structured ASIC architectures and
tools to place and route them.  The eASIC architecture isn't nearly as
good as ViASIC's for high density high speed deep sub-micron digital
architectures, but eASIC got the funding to build it.  I wouldn't
attempt to create an eASIC competitor at 20nm without several million
to do it.

By the way, the chip company the guy you quoted works for is making an
interesting product for brute-force password guessing for KDFs that
use <= 1MB of memory.

Looks pretty cool.  Grid based multi-CPU companies seem to come along
every few years.  I hope they do well, but the always seem to be a
solution looking for a problem.  Maybe they can sell a bunch to
governments for password cracking?


Powered by blists - more mailing lists