Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 26 Sep 2015 02:07:30 +0200
From: magnum <>
Subject: Re: Reverse steps for single round sha(sha-1,

On 23/09/15 18:12, Aleksey Cherepanov wrote:
> Recently Solar mentioned a macro with reverse of 3 rounds of SHA2, but
> 7 rounds can be reversed.
> Below there is generic backward step for SHA2 as if it is last, next
> can be obtained just decreasing "indexes", e.g. with the following
> perl filter: perl -pe 's/([a-h]|i = )(\d+)/$1 . ($2 - 1)/ge'

Thank's a lot Aleksey, this is now implemented for SHA-256. I presume we 
can do exactly the same thing for SHA-512 but as far as I can see it's 
not possible for SHA-224/384 because we have more unknown data for them 
(the current three steps of reversing seems to be about it).

There was another boost of 3-4% as expected. I have yet to implement 
branch-less special functions for this but I will eventually do so 
(actually there is yet another branch now, for reversing of SHA-256 vs. 
SHA-224). As of now we probably have a slight regression for iterated 
formats like PBKDF2 (I did not even check yet).


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.