lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 7 Apr 2014 07:19:41 -0500 (CDT)
From: Steve Thomas <>
To: "" <>
Subject: EARWORM (ROM hard is not enough)

The problem I have with EARWORM is that it's only good if the ROM is too
big to fit in GPU memory. Currently we have high-end GPUs starting at 4 GiB
with 12 GiB being the max (right?). You only need one copy of the ROM in
GPU memory and since the state per each password guess is small (64 bytes)
you can have several passwords being checked at the same time. Note that
the state is parallel so if we increase the state to a few MiB then the
attacker will have a different GPU thread for each part (16 bytes).
Although they do need to "combine" often so they get the new block index.

Also loading a large ROM into memory might not be good for UX in certain
cases. This is OK in cases where the ROM is always in memory like
authentication servers, but for FDE it might be annoying waiting for it to
read a few gigs from disk. Although this isn't a big problem for new SSDs,
my craptop would take awhile.

I was going to suggest that you use the ROM as the initial state of the RAM
and modify as you go but this would probably not be allowed. As this is a
large change. I just read that this is what was talked about and it came to
the same conclusion of wouldn't happen. Also from what was mention in that
thread I think I need to go through these faster so I can get to yescrypt

Powered by blists - more mailing lists