lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 24 Jun 2014 13:20:31 +0200
From: Thomas Pornin <pornin@...et.org>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] not bossy

On Tue, Jun 24, 2014 at 02:55:56AM +0400, Solar Designer wrote:
> IIRC, a hurdle was that Solaris of the time would clobber high 32 bits
> of 64-bit integer registers on context switches (the kernel was
> 64-bit, but userland 32-bit)

It was the other way round: the kernel was 32-bit, and unaware that
the userland was doing things with the high halves of the 64-bit
registers (actually, the kernel was unaware that the registers were
longer than 32 bits).

Solaris 7, released in November 1998, was 64-bit aware and removed this
limitation. The DES-frenzy at distributed.net reached its end on January
1999 (the DES-III challenge) so the 64-bit Solaris did not have enough
time to percolate before people lost interest in bitslice DES
optimization.


> While arriving at the absolute lowest gate count (and having any sort
> of certainty of that) is already intractable for DES S-boxes even with
> few gate types, an interesting question is whether we likely get
> closer or stay farther away from that holy grail in practice when we
> have more gate types.

As far as I know, Kwan's work for almost entirely manual (that's what
he told me, at least) so he cannot easily do it again under other
conditions.

Apart from UltraSPARC, a number of other processors have opcodes which
go beyond the elementary operations corresponding to C operators. For
instance, Alpha offered the classic NOT, AND, OR and XOR, but also
ANDNOT, ORNOT and XORNOT.


	--Thomas Pornin

Powered by blists - more mailing lists