diff -urp escrypt-0.3.1/PERFORMANCE-SSD escrypt-0.3.2/PERFORMANCE-SSD
--- escrypt-0.3.1/PERFORMANCE-SSD	2014-02-28 01:10:14.000000000 +0000
+++ escrypt-0.3.2/PERFORMANCE-SSD	2014-03-08 07:25:24.341461542 +0000
@@ -1,3 +1,7 @@
+The benchmarks below correspond to an older revision of escrypt.  They
+were not re-run for the most recent revision.  However, similar results
+are expected.
+
 On the same Core i7-4770K machine as described in PERFORMANCE-default,
 using its SSD to hold a 64 GiB ROM (twice the machine's RAM size).
 
diff -urp escrypt-0.3.1/PERFORMANCE-default escrypt-0.3.2/PERFORMANCE-default
--- escrypt-0.3.1/PERFORMANCE-default	2014-02-25 04:27:22.000000000 +0000
+++ escrypt-0.3.2/PERFORMANCE-default	2014-03-08 07:25:09.685353019 +0000
@@ -1,3 +1,7 @@
+The benchmarks below correspond to an older revision of escrypt.  They
+were not re-run for the most recent revision.  However, similar results
+are expected.
+
 Core i7-4770K 3.5 GHz + turbo (up to 3.7 GHz with all cores in use,
 3.9 GHz with one core in use), HT is enabled (giving 8 logical CPUs),
 32 GiB RAM (4x DDR3-1600, but the CPU has only 2 memory channels).
diff -urp escrypt-0.3.1/PERFORMANCE-scaling-down escrypt-0.3.2/PERFORMANCE-scaling-down
--- escrypt-0.3.1/PERFORMANCE-scaling-down	2014-02-28 01:47:26.000000000 +0000
+++ escrypt-0.3.2/PERFORMANCE-scaling-down	2014-03-08 07:25:26.569478010 +0000
@@ -1,3 +1,7 @@
+The benchmarks below correspond to an older revision of escrypt.  They
+were not re-run for the most recent revision.  However, similar results
+are expected.
+
 Dual Pentium 3, 1 GHz (an IBM workstation circa year 2000), running
 current Openwall GNU/*/Linux.  ROM size scaled down to 112 MiB:
 
diff -urp escrypt-0.3.1/PERFORMANCE-scaling-up escrypt-0.3.2/PERFORMANCE-scaling-up
--- escrypt-0.3.1/PERFORMANCE-scaling-up	2014-02-28 01:11:37.000000000 +0000
+++ escrypt-0.3.2/PERFORMANCE-scaling-up	2014-03-08 07:25:28.677493578 +0000
@@ -1,3 +1,7 @@
+The benchmarks below correspond to an older revision of escrypt.  They
+were not re-run for the most recent revision.  However, similar results
+are expected.
+
 Dual Xeon E5-2670 2.6 GHz + turbo (up to 3.0 GHz with all cores in use,
 3.3 GHz with few cores in use), 128 GiB RAM (8x DDR3-1600 ECC Reg).
 These CPUs have 8 cores and 4 memory channels each, for a total of 16
diff -urp escrypt-0.3.1/TESTS-OK escrypt-0.3.2/TESTS-OK
--- escrypt-0.3.1/TESTS-OK	2014-02-24 14:32:13.000000000 +0000
+++ escrypt-0.3.2/TESTS-OK	2014-03-08 07:23:27.000581375 +0000
@@ -3,17 +3,17 @@ scrypt("password", "NaCl", 1024, 8, 16)
 scrypt("pleaseletmein", "SodiumChloride", 16384, 8, 1) = 70 23 bd cb 3a fd 73 48 46 1c 06 cd 81 fd 38 eb fd a8 fb ba 90 4f 8e 3e a9 b5 43 f6 54 5d a1 f2 d5 43 29 55 61 3f 0f cf 62 d4 97 05 24 2a 9a f9 e6 1e 85 dc 0d 65 1e 40 df cf 01 7b 45 57 58 87
 scrypt("pleaseletmein", "SodiumChloride", 1048576, 8, 1) = 21 01 cb 9b 6a 51 1a ae ad db be 09 cf 70 f8 81 ec 56 8d 57 4a 2f fd 4d ab e5 ee 98 20 ad aa 47 8e 56 fd 8f 4b a5 d0 9f fa 1c 6d 92 7c 40 f4 c3 37 30 40 49 e8 a9 52 fb cb f4 5c 6f a7 7a 41 a4
 '$7X5$C6....d....WZaPV7LSUEKMo34.'
-'$7X5$C6....d....WZaPV7LSUEKMo34.$HZvD1YqAubpK1.1qHf8LEyFgD14CgQ/rU5oko3xtVA4'
-'$7X5$C6....d....WZaPV7LSUEKMo34.$HZvD1YqAubpK1.1qHf8LEyFgD14CgQ/rU5oko3xtVA4'
+'$7X5$C6....d....WZaPV7LSUEKMo34.$HegPnzar/cfsJdaMnFcchZdzMSRrPqo/ycPmJvgGfp7'
+'$7X5$C6....d....WZaPV7LSUEKMo34.$HegPnzar/cfsJdaMnFcchZdzMSRrPqo/ycPmJvgGfp7'
 '$7$C6..../....SodiumChloride$kBGj9fHznVYFQMEn/qDCfrDevf9YDtcDdKvEqHJLV8D'
 r=6 N=2^12 NROM=2^22
 Will use 3145728.00 KiB ROM
          3072.00 KiB RAM
 Initializing ROM ... DONE
 '$7X5$A4....d....WZaPV7LSUEKMo34.'
-'$7X5$A4....d....WZaPV7LSUEKMo34.$vmXUDkAYmJR04Put4FUvVjNZ1rWNDBd9rejzNrjPUwA'
+'$7X5$A4....d....WZaPV7LSUEKMo34.$cyw3OKi7OcVi4Hpffx2PguL16E3vGU9Lo/q.OuqaLh5'
 Initializing ROM in preallocated memory ... DONE
-'$7X5$A4....d....WZaPV7LSUEKMo34.$vmXUDkAYmJR04Put4FUvVjNZ1rWNDBd9rejzNrjPUwA'
-'$7X5$A4....d....WZaPV7LSUEKMo34.$x7PZx6FkpFsR5cN181lFzjy98C98lpPdmzGJfHonId8'
-'$7X5$A4....d....WZaPV7LSUEIMo34.$v55F3Ug.Bxus7KHJ.SPns8deHuYIK04dmNt0sZ0Hy06'
-'$7X5$A4....d....WZaPV7LSUEIMo34.$o12IV46ubsPfNsl80VjVdXReNrK4a1n7dIWUj9hYkH9'
+'$7X5$A4....d....WZaPV7LSUEKMo34.$cyw3OKi7OcVi4Hpffx2PguL16E3vGU9Lo/q.OuqaLh5'
+'$7X5$A4....d....WZaPV7LSUEKMo34.$GQeJMxsZF7dSk5g2LGRyGhjCCgxUMqCb4qs9uUvbc5A'
+'$7X5$A4....d....WZaPV7LSUEIMo34.$7CF8YBfx0/DhVWt.eqWTHASFhbz5fGiu84CvP4LOiv1'
+'$7X5$A4....d....WZaPV7LSUEIMo34.$/SDk6650PNkCWbIGa8OizIxPm7VMf4JcZb.Sf6fvZmC'
diff -urp escrypt-0.3.1/crypto_scrypt-common.c escrypt-0.3.2/crypto_scrypt-common.c
--- escrypt-0.3.1/crypto_scrypt-common.c	2014-02-24 16:24:47.000000000 +0000
+++ escrypt-0.3.2/crypto_scrypt-common.c	2014-03-08 06:28:44.333435781 +0000
@@ -248,10 +248,11 @@ escrypt_gensalt_r(uint32_t N_log2, uint3
 	dst = buf;
 	*dst++ = '$';
 	*dst++ = '7';
-	if (flags)
+	if (flags) {
 		*dst++ = 'X'; /* eXperimental, subject to change */
-	if (flags != ESCRYPT_RW)
-		*dst++ = itoa64[flags];
+		if (flags != ESCRYPT_RW)
+			*dst++ = itoa64[flags];
+	}
 	*dst++ = '$';
 
 	*dst++ = itoa64[N_log2];
diff -urp escrypt-0.3.1/crypto_scrypt-nosse.c escrypt-0.3.2/crypto_scrypt-nosse.c
--- escrypt-0.3.1/crypto_scrypt-nosse.c	2014-02-28 01:00:53.000000000 +0000
+++ escrypt-0.3.2/crypto_scrypt-nosse.c	2014-03-08 07:13:51.121381962 +0000
@@ -307,6 +307,8 @@ block_sbox(uint64_t * B, const uint64_t
 				uint32_t s1l = s1;
 				uint32_t xl = x = X[j][k];
 
+				x += (uint64_t)xl * xl;
+				xl = x;
 				x += ((uint64_t)xl * s0l + s1) ^
 				    ((uint64_t)xl * s1l + s0);
 
diff -urp escrypt-0.3.1/crypto_scrypt-ref.c escrypt-0.3.2/crypto_scrypt-ref.c
--- escrypt-0.3.1/crypto_scrypt-ref.c	2014-02-24 17:45:42.000000000 +0000
+++ escrypt-0.3.2/crypto_scrypt-ref.c	2014-03-08 07:20:18.151109879 +0000
@@ -180,6 +180,8 @@ block_sbox(uint32_t * B, const uint32_t
 				uint64_t x = ((uint64_t)X[j][k][1] << 32) +
 				    (xl = X[j][k][0]);
 
+				x += (uint64_t)xl * xl;
+				xl = x;
 				x += ((uint64_t)xl * s0l + s1) ^
 				    ((uint64_t)xl * s1l + s0);
 
@@ -658,6 +660,8 @@ int
 escrypt_init_local(escrypt_local_t * local)
 {
 /* The reference implementation doesn't use the local structure */
+	local->base = local->aligned = NULL;
+	local->base_size = local->aligned_size = 0;
 	return 0;
 }
 
diff -urp escrypt-0.3.1/crypto_scrypt-sse.c escrypt-0.3.2/crypto_scrypt-sse.c
--- escrypt-0.3.1/crypto_scrypt-sse.c	2014-02-27 23:45:26.000000000 +0000
+++ escrypt-0.3.2/crypto_scrypt-sse.c	2014-03-08 07:02:14.307167384 +0000
@@ -215,6 +215,7 @@ blockmix_salsa8(const __m128i *restrict
 
 #define SBOX_SIMD_1(X, x, s0, s1) \
 	x = EXTRACT64(X) & 0x0ff000000ff0ULL; \
+	X = _mm_add_epi64(_mm_mul_epu32(X, X), X); \
 	s0 = *(const __m128i *)(S0 + (uint32_t)x); \
 	s1 = *(const __m128i *)(S1 + (x >> 32)); \
 
diff -urp escrypt-0.3.1/userom.c escrypt-0.3.2/userom.c
--- escrypt-0.3.1/userom.c	2014-02-28 01:00:50.000000000 +0000
+++ escrypt-0.3.2/userom.c	2014-03-08 07:22:52.104314609 +0000
@@ -19,14 +19,17 @@
  */
 
 #define ESCRYPT_FLAGS (ESCRYPT_RW | ESCRYPT_BLOCKMIX_SBOX)
+//#define ESCRYPT_FLAGS ESCRYPT_RW
+//#define ESCRYPT_FLAGS ESCRYPT_WORM
 
 #define ESCRYPT_MASK_SHM		1
 #define ESCRYPT_MASK_FILE		0xe
 
-//#define DISABLE_ROM
-
 #define ROM_SHM_KEY			0x524f4d0a
 
+//#define DISABLE_ROM
+//#define DUMP_LOCAL
+
 #include <stdio.h>
 #include <stdlib.h> /* for atoi() */
 #include <string.h>
@@ -182,6 +185,17 @@ int main(int argc, const char * const *a
 			    hash, sizeof(hash)));
 		}
 
+#ifdef DUMP_LOCAL
+#if 0
+		fwrite(local.aligned, local.aligned_size, 1, stderr);
+#else
+		/* Skip B, dump only V */
+		if (local.aligned_size >= ram_bytes + 128 * r)
+			fwrite((char *)local.aligned + 128 * r, ram_bytes,
+			    1, stderr);
+#endif
+#endif
+
 		puts("Benchmarking 1 thread ...");
 
 		clock_t clk_tck = sysconf(_SC_CLK_TCK);