| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1482298164.8944.8.camel@edumazet-glaptop3.roam.corp.google.com>
Date: Tue, 20 Dec 2016 21:29:24 -0800
From: Eric Dumazet <eric.dumazet@...il.com>
To: George Spelvin <linux@...encehorizons.net>
Cc: tytso@....edu, ak@...ux.intel.com, davem@...emloft.net,
David.Laight@...lab.com, djb@...yp.to, ebiggers3@...il.com,
hannes@...essinduktion.org, Jason@...c4.com,
jeanphilippe.aumasson@...il.com,
kernel-hardening@...ts.openwall.com, linux-crypto@...r.kernel.org,
linux-kernel@...r.kernel.org, luto@...capital.net,
netdev@...r.kernel.org, tom@...bertland.com,
torvalds@...ux-foundation.org, vegard.nossum@...il.com
Subject: Re: HalfSipHash Acceptable Usage
On Tue, 2016-12-20 at 22:28 -0500, George Spelvin wrote:
> > I do not see why SipHash, if faster than MD5 and more secure, would be a
> > problem.
>
> Because on 32-bit x86, it's slower.
>
> Cycles per byte on 1024 bytes of data:
> Pentium Core 2 Ivy
> 4 Duo Bridge
> SipHash-2-4 38.9 8.3 5.8
> HalfSipHash-2-4 12.7 4.5 3.2
> MD5 8.3 5.7 4.7
So definitely not faster.
38 cycles per byte is a problem, considering IPV6 is ramping up.
But TCP session establishment on P4 is probably not a big deal.
Nobody would expect a P4 to handle gazillions of TCP flows (using a
32bit kernel)
What about SHA performance (syncookies) on P4 ?
Synfloods are probably the only case we might take care of for 2000-era
cpus.
Powered by blists - more mailing lists