[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: optimized/specialized/revised scrypt implementations

On 11/16/12 17:40, Solar Designer wrote:
> One curious aspect is that it includes a version with 3x interleave
> (3 instances of scrypt are computed with inter-mixed instructions for
> greater instruction-level parallelism).  This confirms my gut feeling
> that Salsa20 core does not contain sufficient parallelism for some
> current CPUs.

BTW, taking advantage of CPU parallelism is useful, but not if it also
allows attackers to take advantage of more parallelism.  One of the topics
I'm going to address in my passwords'12 talk is the choice of building
blocks for scrypt... I'll post my slides here once I've written them.

Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid