Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 3 Sep 2015 03:40:41 +0300
From: Aleksey Cherepanov <>
Subject: Re: reverse of full sha1 and sha256 limb when hash and block are

On Thu, Sep 03, 2015 at 03:34:54AM +0300, Aleksey Cherepanov wrote:
> Easy practical application
> Consider a hash sha256(sha256(...).sha256(...)), for instance
> sha256(sha256($p).sha256($s))
> sha256($p).sha256($s) produces exactly 1 block of message, so the
> second block is 0x80, padding and constant length always. So we can
> reverse the second block and check intermediate state computing only 1
> limb instead of 2. That's up to 50% higher speed (considering that we

I meant 2x speed up. That's 100% higher speed. Sorry!

Aleksey Cherepanov

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.