PBKDF2: Use gcry_md_reset to speed up calculation.
04cda6b7cc16Unpublished
Actions

Unpublished Commit · Learn More

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.

Description

PBKDF2: Use gcry_md_reset to speed up calculation.

* cipher/kdf.c (_gcry_kdf_pkdf2): Use gcry_md_reset
to speed up calculation.

Current PBKDF2 implementation uses gcry_md_set_key in every iteration
which is extremely slow (even in comparison with other implementations).

Use gcry_md_reset instead and set key only once.

With this test program:

char input[32000], salt[8], key[16];
gcry_kdf_derive(input, sizeof(input), GCRY_KDF_PBKDF2,
                gcry_md_map_name("sha1"),
                salt, sizeof(salt), 100000, sizeof(key), key);

running time without patch:

real    0m11.165s
user    0m11.136s
sys     0m0.000s

and with patch applied

real    0m0.230s
user    0m0.184s
sys     0m0.024s

(The problem was found when cryptsetup started to use gcrypt internal PBKDF2
and for very long keyfiles unlocking time increased drastically.
See https://bugzilla.redhat.com/show_bug.cgi?id=1051733)

Signed-off-by: Milan Broz <gmazyland@gmail.com>

Details

Provenance

gmazyland	Authored on Jan 13 2014, 9:30 PM
• werner	Committed on Jan 14 2014, 4:34 PM

Parents

rCdfde161355b1: Add DCO entry for Milan Broz.

Branches

Unknown

Tags

Unknown

Event Timeline

Werner Koch <wk@gnupg.org> committed rC04cda6b7cc16: PBKDF2: Use gcry_md_reset to speed up calculation. (authored by Milan Broz <gmazyland@gmail.com>).Jan 14 2014, 4:34 PM

Changes (1)

Path

Size

cipher/

kdf.c

rC04cda6b7cc16

View Options

PBKDF2: Use gcry_md_reset to speed up calculation.04cda6b7cc16UnpublishedActions