lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CAOLP8p5bpt02CYp4pNbpB032z1jb118sm_YsL4whuf9TsRzeXw@mail.gmail.com>
Date: Wed, 16 Sep 2015 08:36:10 -0700
From: Bill Cox <waywardgeek@...il.com>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
Subject: Re: [PHC] Argon2d vs Argon2ds GPU benchmarks?

I'll continue to test the < 1ms hashing test case in L3 cache, just to keep
track of the difference it makes in that use case.  I'm not skilled enough
with GPUs to provide valid benchmarks there.

However, a major reason for Argon2ds is improved ASIC defense.
Compute-time hardening should be around 10X stronger.

This is critically important in the case where an attacker can fit the
memory on the same die, eliminating the bandwidth bottleneck.  Argon2ds
puts the multiplication chain on one serial operation in the scalar portion
of the CPU.  This provides somewhere around 10X stronger compute-time
hardening in an ASIC attack than just using multiplication in the modified
Blake2d, due to the faster scalar multiplier and the 8X parallelism in the
inner SIMD loop.  Future GPUs may be better able to take advantage of that
parallelism.

Bill

Content of type "text/html" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ