| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20140228021004.GA15181@openwall.com> Date: Fri, 28 Feb 2014 06:10:04 +0400 From: Solar Designer <solar@...nwall.com> To: discussions@...sword-hashing.net Subject: Re: [PHC] die area estimates (Re: [PHC] GPU multiplication speed?) On Thu, Feb 27, 2014 at 08:45:49PM -0500, Bill Cox wrote: > With 4-to-1, and just a carry-save multiplier, I'd get 32x32x4 = 4K > bits... but you ware saying bytes, right? Are we having a big-B > little-b communication thing? I hate those... Not communication - I actually confused bits and bytes there. Thank you for spotting this! So by these estimates a 32x32->64 multiplier is equivalent to only a 512 bytes SRAM, which is lower than the estimates we had before. This does in fact mean that using the multipliers on current CPUs is probably not worth it in terms of increasing attack ASIC die area, even when we're only using L1 caches and not L2+, nor RAM. It might make more sense against attacks with other CPU-like devices, some of which might be smaller than the defender's (or have relatively fewer multipliers per L1 cache size) - e.g., a botnet of smartphones. Alexander
Powered by blists - more mailing lists