| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 11 Jan 2014 08:13:22 +0400 From: Solar Designer <solar@...nwall.com> To: discussions@...sword-hashing.net Subject: many-core archs (Re: [PHC] ASICs) On Fri, Jan 10, 2014 at 02:47:36PM -0500, Bill Cox wrote: > By the way, the chip company the guy you quoted works for is making an > interesting product for brute-force password guessing for KDFs that > use <= 1MB of memory. > > http://www.adapteva.com/epiphanyiv/ > > Looks pretty cool. Actually, we had two Google Summer of Code projects last year, implementing bcrypt and Litecoin (scrypt at 128 KB) on Epiphany. We got reasonably good performance numbers for bcrypt. For E64, they're on par with common CPUs and GPUs, but at much lower energy consumption: http://www.openwall.com/presentations/Passwords13-Energy-Efficient-Cracking/ Our Litecoin speeds were very poor compared to GPUs (in fact, this was expected, so the student did not have enough motivation). We ended up using a TMTO factor of 5 (and also slightly below 5, but above 4, in a more experimental code revision) to fit in each core's 32 KB of local memory (paying for that with only a 2x increase in number of Salsa20/8 computations). I still have a ZedBoard with E16 FMC running here, may provide remote access if anyone is interested in developing for it. Unfortunately, there are too few E64's currently in existence, so we had to be using one at Adapteva's office (remotely). Luckily, this worked fine even for Katja's live demo at Passwords^13. > Grid based multi-CPU companies seem to come along > every few years. I hope they do well, but the always seem to be a > solution looking for a problem. Maybe they can sell a bunch to > governments for password cracking? Maybe, although I'd be happier with them satisfying commercial demand, even if also for password cracking. I think what's missing are PCIe boards with multiple energy-efficient many-core chips per board. Then they'd be able to compete not only in terms of energy efficiency, but also in terms of raw performance per board - for suitable tasks only, though. I did discuss this with Andreas, and he agrees. Another company - Kalray - recently released a PCIe board with their 288-core chip, but it also has only one such chip, and it is pricey: http://www.kalray.eu/news-7/news/kalray-launches-mppa-board-emb01-its-first-mppa-r-based-embedded-board http://www.kalray.eu/products/mppa-board/mppa-board-emb01/ http://www.kalray.eu/technology/ Regarding the 256 vs. 288 cores confusion, their replies on Twitter: <@Kalray1> @solardiz The MPPA256 has in reality 288 cores ! This brings 288*0.4*(1 branch + 2 ALU + 1 load/store + 1 FMA counted as 2) = 691.2 GOPS ! <@Kalray1> @solardiz The MPPA256 has in reality 288 cores ! This brings 288*0.4*( 1 FMA counted as 2) = 230 GFLOPS ! <@Kalray1> @solardiz 16 clusters of 17 cores + 4 quad-cores in the IOs subsystems. Then there's Tilera, which I think is doing pretty well targeting the high-speed networking market, providing solutions for traffic monitoring and DPI (nasty!) and maybe also IDS/IPS and potentially anti-DDoS: http://tilera.com And there's XMOS, but it's about realtime rather than high performance, so sort of an alternative to small FPGAs (not good for password cracking): http://www.xmos.com I guess you knew these, but I thought others on this mailing list might appreciate a summary of current many-core/MIMD archs. Alexander
Powered by blists - more mailing lists