lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 11 Jan 2014 08:13:22 +0400
From: Solar Designer <>
Subject: many-core archs (Re: [PHC] ASICs)

On Fri, Jan 10, 2014 at 02:47:36PM -0500, Bill Cox wrote:
> By the way, the chip company the guy you quoted works for is making an
> interesting product for brute-force password guessing for KDFs that
> use <= 1MB of memory.
> Looks pretty cool.

Actually, we had two Google Summer of Code projects last year,
implementing bcrypt and Litecoin (scrypt at 128 KB) on Epiphany.
We got reasonably good performance numbers for bcrypt.  For E64, they're
on par with common CPUs and GPUs, but at much lower energy consumption:

Our Litecoin speeds were very poor compared to GPUs (in fact, this was
expected, so the student did not have enough motivation).  We ended up
using a TMTO factor of 5 (and also slightly below 5, but above 4, in a
more experimental code revision) to fit in each core's 32 KB of local
memory (paying for that with only a 2x increase in number of Salsa20/8

I still have a ZedBoard with E16 FMC running here, may provide remote
access if anyone is interested in developing for it.  Unfortunately,
there are too few E64's currently in existence, so we had to be using
one at Adapteva's office (remotely).  Luckily, this worked fine even for
Katja's live demo at Passwords^13.

> Grid based multi-CPU companies seem to come along
> every few years.  I hope they do well, but the always seem to be a
> solution looking for a problem.  Maybe they can sell a bunch to
> governments for password cracking?

Maybe, although I'd be happier with them satisfying commercial demand,
even if also for password cracking.  I think what's missing are PCIe
boards with multiple energy-efficient many-core chips per board.  Then
they'd be able to compete not only in terms of energy efficiency, but
also in terms of raw performance per board - for suitable tasks only,
though.  I did discuss this with Andreas, and he agrees.

Another company - Kalray - recently released a PCIe board with their
288-core chip, but it also has only one such chip, and it is pricey:

Regarding the 256 vs. 288 cores confusion, their replies on Twitter:

<@Kalray1> @solardiz The MPPA256 has in reality 288 cores !  This brings 288*0.4*(1 branch + 2 ALU + 1 load/store + 1 FMA counted as 2) = 691.2 GOPS !
<@Kalray1> @solardiz  The MPPA256 has in reality 288 cores ! This brings  288*0.4*( 1 FMA counted as 2) = 230 GFLOPS !
<@Kalray1> @solardiz 16 clusters of 17 cores + 4 quad-cores in the IOs subsystems.

Then there's Tilera, which I think is doing pretty well targeting the
high-speed networking market, providing solutions for traffic monitoring
and DPI (nasty!) and maybe also IDS/IPS and potentially anti-DDoS:

And there's XMOS, but it's about realtime rather than high performance,
so sort of an alternative to small FPGAs (not good for password cracking):

I guess you knew these, but I thought others on this mailing list might
appreciate a summary of current many-core/MIMD archs.


Powered by blists - more mailing lists