|
Message-ID: <20110323113826.GA7124@openwall.com> Date: Wed, 23 Mar 2011 14:38:26 +0300 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: GSOC - GPU for hashes Hi Thomas, I'm sorry for the delay in responding to you specifically. I assume that you've read other messages in the thread, which might address some of your would-be questions. On Sun, Mar 20, 2011 at 07:14:18PM +0100, Thomas Bertani wrote: > In the past I have used CUDA as a way to speed up the dtw algorithm > computation and now I'm really interested in the following tasks: > > - GPU for slow hashes > - GPU for fast hashes > > Actually CUDA is still the best way to do gpgpu as openCL is a much younger > project so CUDA is more mature. However also using openCL could be a choice > to consider. Sounds fine. Another thing to consider is that, quoting Marc Bevand, current "AMD GPUs are roughly 2x-3x faster than Nvidia GPUs on ALU-bound workloads": http://blog.zorinaq.com/?e=42 Low-level stuff, which we'll need for bitslice DES too (the BFI_INT instruction will be important for implementing DES S-boxes): http://blog.zorinaq.com/?e=43 Comparison of different GPUs: http://golubev.com/gpuest.htm Yet I am fine with us starting with CUDA. It may very well be the easy first step that we need to take. > Is there any further step I can do to go deep into the gpgpu related tasks? I suggest that you try to implement one of the slow hashes and have JtR use it. This can be any one of the Unix crypt(3) flavors, MSCash2 (perhaps just the PBKDF2 portion of it, leaving the rest for CPU), or phpass "portable" hashes. MD5-based crypt(3) and phpass "portable" hashes are easy targets. DES-based crypt(3) is harder to implement efficiently, although we'll need to do it (bitslice, of course). PBKDF2 should be easy and efficient, whereas Blowfish is apparently hard/unreasonable to implement on GPUs at this time: http://www.golubev.com/blog/?tag=pbkdf2 http://en.wikipedia.org/wiki/PBKDF2 This means that if you want an easy first target, MSCash2 is a better choice than Blowfish-based crypt(3). And we'll have other uses for PBKDF2 (also WPA, FileVault, keychain to name some popular requests). For info on MSCash2, see: http://openwall.info/wiki/john/MSCash2 and a newer revision of the code in 1.7.6-jumbo-12. SHA-crypt should be easy for the SHA-256 based flavor of it, but harder for the SHA-512 based one (64-bit operations, which I guess you will need to split into pairs of 32-bit ones, with carry? or do bitslice). The SHA-512 based flavor is far more common (and thus more important for us to support well). http://www.akkadia.org/drepper/SHA-crypt.txt Please let me know if you decide to approach some of this and if you have any further questions/comments. Thanks, Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.