| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAOLP8p6yCZ+nP=a3KQOFnaJXbuv+vPuamMOo3fxWWW+wHEwLvw@mail.gmail.com> Date: Wed, 26 Feb 2014 12:22:09 -0500 From: Bill Cox <waywardgeek@...il.com> To: discussions@...sword-hashing.net Subject: Re: [PHC] multiply-hardening (Re: NoelKDF ready for submission) I'm going to reintegrate multiplication back into the memory hashing threads and eliminate the multiplication hardening thread. At least for Haswell, a single scalar multiply and XOR seem to run nicely in parallel with AVX2 memory hashing, even at L1 hashing speeds. I'm going to make an option for between 0 and 8 multiplications per 256-bits of memory hashing. 0 would be useful for applications where multipliers are very slow or not available and have to be emulated, or if the CPU has no multiple instruction issue capability, meaning any multiplies add directly to user's runtime. 1 seems like a good match for AVX2 running in L1 cache, and I'm guessing 2 will be good for SSE. For hashing into external memory, up to 8 seems reasonable. Bill
Powered by blists - more mailing lists