Message-ID: <41f060ef64f0e76d49550d6337165972@smtp.hushmail.com>
Date: Mon, 01 Jun 2015 14:22:40 +0200
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: Interleaving of intrinsics

On 2015-06-01 13:37, magnum wrote:
> Here's a somewhat unrelated note: While MD4/5 just use the w[16] pad,
> SHA1 and SHA2 use w[80] internally. We handle this differently in all
> three: SHA1 keeps a sliding window of tmpR[16] and some EXPAND macros
> (Jim did this, for a 10% boost of Simon's original code that had w[80]).
> SHA256 seems to manage with just tmp1 and the R() macro.

This was incorrect; I think SHA256 effectively does it similar to SHA1.

> And SHA512 actually uses an expensive w[80]. This should be looked
> into. I'll have a peek at Alain's code again. Maybe SHA1 and SHA512
> could do it more like SHA256 does it?

Looking at reference code, I'm not sure why we use w[80] nor a smaller
rolling temp for any of them. Is this for not re-doing rotates or
something?

magnum
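The w[80]-versus-rolling-window question above, as an added example that is not code from this thread or from John the Ripper: both forms of the SHA-256 message schedule, run on a constructed input (the single padded block for the message "abc"), so the 16-word ring can be checked word for word against the full-array reference, including the known value W[17] = 0x000f0000. The same ring works for SHA-1 (its expansion reads w[t-3], w[t-8], w[t-14], w[t-16]) and SHA-512 (same indices as SHA-256 with 64-bit words), because no expansion step reaches back more than 16 words; the function names here are my own.

```c
#include <stdint.h>

#define ROTR(x, n) (((x) >> (n)) | ((x) << (32 - (n))))
#define S0(x) (ROTR(x, 7) ^ ROTR(x, 18) ^ ((x) >> 3))
#define S1(x) (ROTR(x, 17) ^ ROTR(x, 19) ^ ((x) >> 10))

/* Constructed input: the single padded SHA-256 block for the message "abc". */
static const uint32_t BLOCK_ABC[16] = { 0x61626380, 0, 0, 0, 0, 0, 0, 0,
                                        0, 0, 0, 0, 0, 0, 0, 0x00000018 };

/* Reference form: the whole 64-word schedule is materialised in memory. */
void sha256_schedule_full(const uint32_t m[16], uint32_t w[64])
{
    for (int t = 0; t < 16; t++)
        w[t] = m[t];
    for (int t = 16; t < 64; t++)
        w[t] = S1(w[t - 2]) + w[t - 7] + S0(w[t - 15]) + w[t - 16];
}

/* Sliding-window form: round t reads only w[t-2], w[t-7], w[t-15] and
   w[t-16], so a 16-word ring indexed by (t & 15) holds everything still
   live. The slot being written is w[t-16] itself; C evaluates the whole
   right-hand side before the store, so reading it there is well defined. */
void sha256_schedule_window(const uint32_t m[16], uint32_t w[64])
{
    uint32_t r[16];
    for (int t = 0; t < 16; t++)
        w[t] = r[t] = m[t];
    for (int t = 16; t < 64; t++) {
        r[t & 15] = S1(r[(t - 2) & 15]) + r[(t - 7) & 15]
                  + S0(r[(t - 15) & 15]) + r[(t - 16) & 15];
        w[t] = r[t & 15];  /* exported only so the two forms can be compared */
    }
}

/* Word t of the schedule for BLOCK_ABC, by the windowed (1) or full (0) form. */
uint32_t sha256_word(int windowed, int t)
{
    uint32_t w[64];
    if (windowed) sha256_schedule_window(BLOCK_ABC, w);
    else          sha256_schedule_full(BLOCK_ABC, w);
    return w[t];
}
```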