lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 15 Jan 2014 15:16:42 +0000
From: Samuel Neves <sneves@....uc.pt>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] A must read...

On 15-01-2014 14:54, Solar Designer wrote:
> Besides integer multiply, I was considering floating-point, along the
> lines of DJB's hash127 - or even taking hash127 as the crypto primitive:
>
> http://cr.yp.to/hash127.html
> http://cr.yp.to/antiforgery/hash127-20040918.pdf
>
> But it does feel somewhat risky, and the latency guarantee is probably
> similar to that of the integer multiply (not the latency per se, but
> how it compares between CPUs and attack-optimized ASICs).  A possible
> advantage of the hash127 approach would be in using more of the die
> area, especially in defensive implementations on GPU and many-core archs
> (those many FPUs combined consume non-negligible die area).

While using floating-point by itself might be an actionable idea, I'd
advise not to use hash127. hash127 was designed during a time where even
32-bit integer multiplication was slow; now we have very fast 64-bit
integers multipliers, which make hash127 much faster to compute in
integer units.

Ideally whatever you compute using the floating-point unit should be
something that is hard to replicate with integer hardware.

Powered by blists - more mailing lists