[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAOLP8p7-O8v685WKAtqJxxYmMWwsF2hLW9OGBcUUfzh5WEy5Bg@mail.gmail.com>
Date: Thu, 30 Apr 2015 08:59:03 -0700
From: Bill Cox <waywardgeek@...il.com>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
Subject: Re: [PHC] yescrypt AVX2
On Thu, Apr 30, 2015 at 7:14 AM, Solar Designer <solar@...nwall.com> wrote:
> > It's good news that attackers probably also can't use Haswell to attack
> > yescrypt hashes tuned for older CPUs (with 128-bit S-box lookups) much
> > faster. It's bad news that defenders can't benefit from Haswell either.
>
> So the conclusion so far stays the same: need to specifically tune
> pwxform for 256-bit or wider S-boxes to have it run faster on Haswell,
> if desired. (This is easy to do, and is within currently specified
> yescrypt, as I've already demonstrated by trying 512-bit.)
>
> Alexander
>
Thanks for letting me have access to you Haswell machine last year. I
tuned TwoCats for Haswell a bit, and found that in-cache hashing sped up
considerably. When I added the small unpredictable memory reads, I lost a
lot of that speed-up, however. Also, the external memory bottleneck did
not significantly change, so I was not able to speed up large memory
hashing significantly. For a default I chose 8-lane hashing (256 bits) to
be more ready for the future, at a cost of giving attackers more
parallelism than the defender in the short-term. It's a tough call...
Bill
Content of type "text/html" skipped
Powered by blists - more mailing lists