lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 30 Apr 2015 08:59:03 -0700
From: Bill Cox <>
To: "" <>
Subject: Re: [PHC] yescrypt AVX2

On Thu, Apr 30, 2015 at 7:14 AM, Solar Designer <> wrote:

> > It's good news that attackers probably also can't use Haswell to attack
> > yescrypt hashes tuned for older CPUs (with 128-bit S-box lookups) much
> > faster.  It's bad news that defenders can't benefit from Haswell either.
> So the conclusion so far stays the same: need to specifically tune
> pwxform for 256-bit or wider S-boxes to have it run faster on Haswell,
> if desired.  (This is easy to do, and is within currently specified
> yescrypt, as I've already demonstrated by trying 512-bit.)
> Alexander

Thanks for letting me have access to you Haswell machine last year.  I
tuned TwoCats for Haswell a bit, and found that in-cache hashing sped up
considerably.  When I added the small unpredictable memory reads, I lost a
lot of that speed-up, however.  Also, the external memory bottleneck did
not significantly change, so I was not able to speed up large memory
hashing significantly.  For a default I chose 8-lane hashing (256 bits) to
be more ready for the future, at a cost of giving attackers more
parallelism than the defender in the short-term.  It's a tough call...


Content of type "text/html" skipped

Powered by blists - more mailing lists