Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <15ed406f98f214b9e0024ac38caf296d@smtp.hushmail.com>
Date: Sat, 04 Aug 2012 21:39:46 +0200
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: sunmd5

On 2012-08-04 16:47, jfoug wrote:
> From: magnum [mailto:john.magnum@...hmail.com]
>> 
>> I did some profiling:
>> 
>> On a 5-minute run, it spends 76.56% in SSEmd5body() and 23.12% more
>> in other parts of crypt_all(). The modulus stuff is ~5%. I see
>> nothing obvious that can be made better.

> That is very surprising. I expected more of a gain, since we are 
> doing 25 SSEmd5body() calls back to back, with no key setup at all, 
> 1/2 of the time.  I really thought this would get better
> performance. The entire key setup for that 25 block work, was simply
> copying in the first 16 bytes (the prior crypt digest), writing the 1
> to 4 byte 'round' (in text), appending the 0x80, and writing 4 byte
> length. That is pretty trivial on keysetup.

Still, 4.42x speed (my gear) is a new highscore afaik. We usually get
about 3x at best from SSE2.

> Also, each round, there is copying from a flat buffer, back into a 
> MMX_COEF buffer, for each candidate. I would love to avoid this, but 
> since you have no idea if a candidate will use the 1 block, or the
> 25 block crypt on any given round, I do not see any way around that 
> issue.

That sounds expensive. Some cleverness here might be the key.

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.