Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20110521223651.GA27587@openwall.com>
Date: Sun, 22 May 2011 02:36:51 +0400
From: Solar Designer <solar@...nwall.com>
To: crypt-dev@...ts.openwall.com
Subject: Re: alternative approach

David, Yuri -

On Sat, May 21, 2011 at 05:32:06AM -0700, David Hulton wrote:
> I think that we'd probably end up using a V6LX240T because it's not
> very cost effective to go to anything larger. We will be coming out
> with a V7 board later this year which will have closer to 500k LUTs
> but it won't be available until after this project is over.

OK.  Did your DES speed numbers (such as 22 billion/second/chip) apply
to XC6VLX240T or to something else?  This is important for us to know
such that we can compare DES against the alternatives we're considering.

> One thing we might want to consider is making this pack into LUTs the
> most efficiently. I believe that for the DES S-boxes it only requires
> 4 6-input LUTs per S-box.

Yes, DES is great in that respect.

However, DES is probably larger than my bflike thing, so we'd have fewer
cores.  I'd appreciate it if you post some info on that - e.g., some
synthesis results (preferably directly comparable to what Yuri posted
for bflike) for one fully-pipelined DES core.  Alternatively, I need the
number of fully-pipelined DES cores that you manage to fit in a
particular Xilinx chip.  There must be some overhead to manage those
cores, though (feed them with inputs, process their outputs) - I'd
appreciate info on that as well (what percentage of the logic is spent
on that?)

Also, DES is more software-friendly (with bitslice implementations).

Given the numbers Yuri posted, it appears that a XC6VLX240T would
outperform Core i7-2600 at bflike by a factor of 200.  Isn't this 5x
better than the 40x we had for DES?  This ignores the overhead, though.
But on the other hand, there's further room for improvement (add bit
permutations, which will slow down software).

> I'm not sure how this compares to the
> modified BF implementation (sorry I haven't had a chance to review
> this much because I'm out of the country at the moment, btw are you
> going to PH-Neutral?), but it would be good to double check how many
> LUTs are used and see if there's a more optimal way to structure it
> that still implements the similar amount of security.

That's what we're trying to do, and we'd appreciate your help with it -
specifically, more info on your DES cores, and some advice on
generating and understanding a circuit diagram or the like.

No, I am not going to PH-Neutral.  Have fun there!

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.