[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20110512100653.GA12601@openwall.com>
Date: Thu, 12 May 2011 14:06:53 +0400
From: Solar Designer <solar@...nwall.com>
To: crypt-dev@...ts.openwall.com
Subject: KDF based on bitslice DES (was: alternative approach)
On Thu, May 12, 2011 at 01:51:54PM +0400, Solar Designer wrote:
> ...I just found some pseudo-code for a bitslice DES based crypt(3) like
> function, which I wrote in 1998 (according to the file timestamp). I'll
> post it separately.
Here it is, with no changes:
---
int N = sizeof(word) * 8;
word B[64], K[56];
int rounds, i;
int64 salt;
int56 k;
int64 hash[2];
decode(&rounds, &salt);
k = get7();
for (i = 0; i < N; i++) {
B{i} = salt * N | i;
K{i} = k;
}
do {
bitslice(&B, K);
k = get7();
for (i = 0; i < N; i++)
K{i} = k ^ B{i};
} while (k);
for (i = 0; i < rounds; i++)
bitslice(&B, K);
hash[0] = 0;
for (i = 0; i < N; i++)
hash[0] ^= B{i};
bitslice(&B, K);
hash[1] = 0;
for (i = 0; i < N; i++)
hash[1] ^= B{i};
encode(rounds, salt, hash);
---
The curly braces refer to bit layers, e.g. B{i} means i'th bit of every
element of B[].
gets7() reads the next 7 characters of the input password/passphrase.
bitslice() is a bitslice implementation of DES. Since the same value of
K is used in multiple calls to bitslice(), the DES key schedule setup
may actually be out of the loop. This is not shown above for simplicity.
Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
