Message-ID: <50FA69CF.2070608@alumni.sfu.ca>
Date: Sat, 19 Jan 2013 01:39:27 -0800
From: Colin Percival <cperciva@...mni.sfu.ca>
To: crypt-dev@...ts.openwall.com
CC: Christian Forler <christian.forler@...-weimar.de>
Subject: Re: Password Scrambling

On 01/19/13 01:18, Christian Forler wrote:
> Let's say A has access to multiple CPUs. Then there are two extreme cases:
>
> 1) A can test one candidate per CPU in parallel or
> 2) A can parallelize the KDF function and test the candidates in a
> sequential order.
>
> In both cases, I would assume that the number of computed password
> candidates is similar apart from a constant factor c. Or is this not the case?

If he has enough RAM, yes. But case (1) requires N times as much RAM as
case (2), where N is the number of CPUs, since each CPU needs its own memory
rather than all the CPUs sharing. Since the point of memory-hard functions
is to maximize the area-time cost of the RAM used, this makes a big difference
in the overall cost.

Colin Percival