Message-ID: <20140831062749.GA21121@openwall.com>
Date: Sun, 31 Aug 2014 10:27:49 +0400
From: Solar Designer <solar@...nwall.com>
To: discussions@...sword-hashing.net
Subject: bcrypt in hardware (Re: [PHC] A review per day - TwoCats)
Bill,
On bcrypt:
On Sat, Aug 30, 2014 at 08:50:38AM +0400, Solar Designer wrote:
> On Fri, Aug 29, 2014 at 03:12:47PM -0400, Bill Cox wrote:
> > I think a round should be doable in a clock cycle
>
> Yes.
>
> > without any memory accesses using an async SRAM,
>
> You're the expert here. I can only say that a round is doable in a
> single clock cycle with memory accesses, as has been implemented in
> FPGAs already. The addresses may be computed at the beginning of this
> cycle, or at the end of the previous cycle. Yes, combining both
> computation and memory lookups on the same cycle limits clock rate.
> Some 2-cycle designs might be faster, if 2x more memory is available.
I finally got around to placing the slides from Katja Malvoni's latest
talks online:
http://www.openwall.com/presentations/Passwords14-Energy-Efficient-Cracking/
This also includes a link to our WOOT '14 paper. 1 cycle/round bcrypt
designs are mentioned on the slides and in the paper.
As we learned in July, another team worked on bcrypt cracking on
ZedBoard as well. They have a 1 cycle/round design too. Curiously,
Ralf Zimmermann from that other team is also co-author of AntCrypt, a
PHC candidate. It's a small world.
Alexander