| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CACXcFmnEWbGmBc-RmkuOacVVH5sVtdC8ca7Jgbqx2+6TmTPzCg@mail.gmail.com>
Date: Wed, 2 Nov 2016 16:47:33 -0400
From: Sandy Harris <sandyinchina@...il.com>
To: Herbert Xu <herbert@...dor.apana.org.au>
Cc: "Jason A. Donenfeld" <Jason@...c4.com>,
"David S. Miller" <davem@...emloft.net>,
linux-crypto@...r.kernel.org, LKML <linux-kernel@...r.kernel.org>,
Martin Willi <martin@...ongswan.org>
Subject: Re: [PATCH] poly1305: generic C can be faster on chips with slow
unaligned access
On Wed, Nov 2, 2016 at 4:09 PM, Herbert Xu <herbert@...dor.apana.org.au> wrote:
> On Wed, Nov 02, 2016 at 06:58:10PM +0100, Jason A. Donenfeld wrote:
>> On MIPS chips commonly found in inexpensive routers, this makes a big
>> difference in performance.
>>
>> Signed-off-by: Jason A. Donenfeld <Jason@...c4.com>
>
> Can you give some numbers please? What about other architectures
> that your patch impacts?
In general it is not always clear that using whatever hardware crypto
is available is a good idea. Not all such hardware is fast, some CPUs
are, some CPUs have hardware for AES, and even if the hardware is
faster than the CPU, the context switch overheads may exceed the
advantage.
Ideally the patch development or acceptance process would be
testing this, but I think it might be difficult to reach that ideal.
The exception is a hardware RNG; that should always be used unless
it is clearly awful. It cannot do harm, speed is not much of an issue,
and it solves the hardest problem in the random(4) driver, making
sure of correct initialisation before any use.
Powered by blists - more mailing lists