Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 5 Apr 2011 07:09:53 +0400
From: Solar Designer <>
Subject: Re: Answering and asking some of the first questions

On Mon, Apr 04, 2011 at 09:19:18PM -0300, Yuri Gonzaga wrote:
> Although I don't know if I am able to finish this in next 2 week, I accept
> the qualification task. I want to try!


> Last few days, I have analyzed the bcrypt details. I could understand its
> idea and what the problems related to its hardware implementation.
> First, it is impractable to implement fully pipelined, mainly due to the
> EskBlowFishSetup() during calls to ExpandKey() as each input depends on the
> last execution.
> So, the implentation have to be sequential. As you said, only one bcrypt
> core will be slower than software approaches.

With pipelining, you would have different candidate passwords tested in
different pipeline stages, which would avoid data dependencies.  However,
I guess this is in fact impractical for Blowfish, because you need to
maintain separate 4 Kbyte large S-boxes for each candidate password
being tested at a time, which is probably what you'd spend most logic on.

> Starting by now, I will code this in SystemVerilog and compile/synthesize to
> Altera's FPGA. Then, I will try to interface with JtR.

Sounds fine.

I'd prefer that you have a functioning but slow implementation sooner
rather than an optimized one later.  So please switch to work on
interfacing with JtR as soon as you have an initial implementation in
the FPGA working, even if slowly.

> About the GSoC real task: Apparently, the scrypt is harder than bcrypt
> against hardware attacks. So, how could we take advantage of a hardware
> implementation?
> What the difference in crypt(3) that you want to introduce?

I've just addressed this in a separate message.



Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.