[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Patch: cprng_fast performance - please review.
On Fri, Apr 18, 2014 at 8:11 PM, Taylor R Campbell
> Date: Fri, 18 Apr 2014 19:58:06 +0200
> From: Markku-Juhani Olavi Saarinen <mjos%iki.fi@localhost>
> If you want to get rid of RC4, use AES in CTR mode. It is standard,
> compact, clean, and really fast solution. May sound boring, but gives
> me a feel of solid security engineering.
> We use that for /dev/u?random and cprng_strong(9). It's much slower
> than RC4, Salsa20, and ChaCha, and it, too, has cache-timing side
> channels without hardware assistance.
Agreed. AES is worse if you don't have AES-NI.
It has been there on all new systems purchased in some last 3 years,
so I would *guess* that it would be > 50% of systems fielded out
The implementation size really goes down with the instructions since
the large tables are eliminated (they're on the chip). Few hundred
Main Index |
Thread Index |