lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <2118334971-2536@skroderider.denisbider.com>
Date: Sun, 5 Jul 2015 15:54:51 +0100
From: denis bider <pwhashing@...isbider.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Memory-hard proof of work with fast verification (CPU Hash)

Solar Designer (Alexander):

> Sure, but this makes your 512 MB ROM sort of irrelevant for
> GPU attacks. They can have that 512 MB in their GPU card's
> RAM, and will run almost as fast (for a trivial enhancement
> of scrypt) or just as slow (for yescrypt with pwxform).

You guys are making it sound like all GPU RAM has same performance characteristics. Global GPU RAM is large enough to match memory available to CPU in most desktops, BUT it is much slower than RAM local to each compute unit. The AMD R9 290X, for instance, has only 32 kB of this latter type of RAM. In the GeForce GTX 980M, CUDA cores have access to 96 kB of on-chip shared memory. An algorithm that forces the use of more will require global GPU memory and will be orders of magnitude less efficient.

You really don't want an algorithm that fits into the GPU on-chip memory. However, anything more than that will be slowed down by about the same amount, according to my understanding.

denis


Content of type "text/html" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ