Katja Malvoni
ABSTRACT
Bcrypt is a password hashing scheme based on the Blowfish block cipher. It was designed to be resistant to brute force attacks and to remain secure despite of hardware improvements [13]. Expensive key setup with user-defined cost setting makes this hash slow while rapid random 32-bit lookups using Blowfish's variable S-boxes require 4 KB of local memory per instance. This memory access pattern makes bcrypt moderately unfriendly to parallel implementation on modern CPUs, where on one hand gather addressing is required in order to exploit the CPUs' SIMD capabilities, and on the other even when gather addressing is in fact available the L1 data cache size becomes the limiting factor. Despite of this (and due to it), it is possible to achieve much better performance per Watt with bcrypt implementations on homogeneous and heterogeneous multiprocessing platforms: Parallella board with 16- or 64-core Epiphany accelerator and ZedBoard with Zynq reconfigurable logic [16, 2]. Proposed implementations were integrated into John the Ripper password cracker resulting in improved energy efficiency by a factor of 35+ compared to heavily optimized implementations on modern CPUs.
- ADAPTEVA. Epiphany Architecture Reference. http://adapteva.com/docs/epiphany_arch_ref.pdf, 2013.Google Scholar
- ADAPTEVA. Parallella Computer Specifications. http://www.parallella.org/board/, 2013.Google Scholar
- ADAPTEVA. Parallella Reference Manual. http://www.parallella.org/docs/parallella_manual.pdf, 2013.Google Scholar
- DESIGNER, S., AND MARECHAL, S. Password security: past, present, future. http://www.openwall.com/presentations/ Passwords12-The-Future-Of-Hashing/, 2012.Google Scholar
- F. WIEMER, R. Z. Speed and Area-Optimized Password Search of bcrypt on FPGAs.Google Scholar
- FOUNDATION, E. F. EFF DES cracker. http://en.wikipedia.org/wiki/EFF_DES_cracker, 1998.Google Scholar
- KIRAN, L. K., ABHILASH, J. E. N., AND KUMAR, P. S. FPGA Implementation of Blowfish Cryptosystem Using VHDL.Google Scholar
- MALVONI, K., AND DESIGNER, S. Energy-efficient bcrypt cracking. http://www.openwall.com/presentations/ Passwords13-Energy-Efficient-Cracking/, 2013.Google Scholar
- OPENWALL. John the Ripper password cracker. http://www.openwall.com/john/.Google Scholar
- OPENWALL. Modern password hashing for your software and your servers. http://www.openwall.com/crypt/.Google Scholar
- PATEL, M. C. R., GOHIL, P. N. B., AND SHAH, P. V. FPGA - hardware based DES and Blowfish symmetric cipher algorithms for encryption and decryption of secured wireless data communication.Google Scholar
- POPPITZ, M. FPGA Based UNIX Crypt Hardware Password Cracker. http://www.sump.org/projects/password/, 2006.Google Scholar
- PROVOS, N., AND MAZIÈRES, D. A Future-Adaptable Password Scheme. Proceedings of the FREENIX Track: 1999 USENIX Annual Technical Conference (1999). Google Scholar
- SIMMLER, H., KUGEL, A., MANNER, R., VIEIRA, A., GALVEZ-DURAND, DE ALCANTARA, F., J.M.S., AND ALVES, V. Implementation of cryptographic applications on the reconfigurable FPGA coprocessor microEnable.Google Scholar
- XILINX. Xilinx Zynq-7000 All Programmable SoC ZC706 Evaluation Kit. http://www.xilinx.com/products/ boards-and-kits/EK-Z7-ZC706-G.htm.Google Scholar
- XILINX. XUP ZedBoard. http://www.xilinx.com/ support/university/boards-portfolio/xup-boards/ XUPZedBoard.html.Google Scholar
- XILINX. Zynq-7000 All Programmable SoC Family of Reconfigurable Devices.Google Scholar
- ZTEX. USB-FPGA Module 1.15. http://www.ztex.de/ usb-fpga-1/usb-fpga-1.15.e.html.Google Scholar
Comments