Re: Patch: cprng_fast performance - please review.

To: Taylor R Campbell <campbell+netbsd-tech-kern%mumble.net@localhost>
Subject: Re: Patch: cprng_fast performance - please review.
From: Markku-Juhani Olavi Saarinen <mjos%iki.fi@localhost>
Date: Fri, 18 Apr 2014 20:23:11 +0200

On Fri, Apr 18, 2014 at 8:11 PM, Taylor R Campbell
<campbell+netbsd-tech-kern%mumble.net@localhost> wrote:
>    Date: Fri, 18 Apr 2014 19:58:06 +0200
>    From: Markku-Juhani Olavi Saarinen <mjos%iki.fi@localhost>
>
>    If you want to get rid of RC4, use AES in CTR mode. It is standard,
>    compact, clean, and really fast solution. May sound boring, but gives
>    me a feel of solid security engineering.
>
> We use that for /dev/u?random and cprng_strong(9).  It's much slower
> than RC4, Salsa20, and ChaCha, and it, too, has cache-timing side
> channels without hardware assistance.

Agreed. AES is worse if you don't have AES-NI.

It has been there on all new systems purchased in some last 3 years,
so I would *guess* that it would be > 50% of systems fielded out
there.

The implementation size really goes down with the instructions since
the large tables are eliminated (they're on the chip). Few hundred
bytes.

Cheers,
- markku

Follow-Ups:
- Re: Patch: cprng_fast performance - please review.
  - From: Matt Thomas
- Re: Patch: cprng_fast performance - please review.
  - From: Roland C. Dowdeswell

References:
- Re: Patch: cprng_fast performance - please review.
  - From: Markku-Juhani Olavi Saarinen
- Re: Patch: cprng_fast performance - please review.
  - From: Taylor R Campbell

Prev by Date: Re: Patch: cprng_fast performance - please review.
Next by Date: Re: Patch: cprng_fast performance - please review.
Previous by Thread: Re: Patch: cprng_fast performance - please review.
Next by Thread: Re: Patch: cprng_fast performance - please review.
Indexes:

Home | Main Index | Thread Index | Old Index