Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 12 May 2011 14:06:53 +0400
From: Solar Designer <>
Subject: KDF based on bitslice DES (was: alternative approach)

On Thu, May 12, 2011 at 01:51:54PM +0400, Solar Designer wrote:
> ...I just found some pseudo-code for a bitslice DES based crypt(3) like
> function, which I wrote in 1998 (according to the file timestamp).  I'll
> post it separately.

Here it is, with no changes:

int N = sizeof(word) * 8;
word B[64], K[56];
int rounds, i;
int64 salt;
int56 k;
int64 hash[2];

decode(&rounds, &salt);

k = get7();
for (i = 0; i < N; i++) {
	B{i} = salt * N | i;
	K{i} = k;

do {
	bitslice(&B, K);
	k = get7();
	for (i = 0; i < N; i++)
		K{i} = k ^ B{i};
} while (k);

for (i = 0; i < rounds; i++)
	bitslice(&B, K);

hash[0] = 0;
for (i = 0; i < N; i++)
	hash[0] ^= B{i};

bitslice(&B, K);

hash[1] = 0;
for (i = 0; i < N; i++)
	hash[1] ^= B{i};

encode(rounds, salt, hash);

The curly braces refer to bit layers, e.g. B{i} means i'th bit of every
element of B[].

gets7() reads the next 7 characters of the input password/passphrase.

bitslice() is a bitslice implementation of DES.  Since the same value of
K is used in multiple calls to bitslice(), the DES key schedule setup
may actually be out of the loop.  This is not shown above for simplicity.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.