lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <695962299.1087031283871123333.JavaMail.root@zmail07.collab.prod.int.phx2.redhat.com>
Date:	Tue, 7 Sep 2010 10:52:03 -0400 (EDT)
From:	Miloslav Trmac <mitr@...hat.com>
To:	Herbert Xu <herbert@...dor.hengli.com.au>
Cc:	Linux Crypto Mailing List <linux-crypto@...r.kernel.org>,
	netdev@...r.kernel.org
Subject: Re: RFC: Crypto API User-interface

----- "Herbert Xu" <herbert@...dor.hengli.com.au> wrote:
> On Tue, Sep 07, 2010 at 10:34:25AM -0400, Miloslav Trmac wrote:
> >
> > > > > 	/* These may also be set through sendmsg(2) cmsgs. */
> > > > > 	op = ALG_AEAD_OP_ENCRYPT;
> > > > > 	setsockopt(opfd, SOL_ALG, ALG_AEAD_OP, op, sizeof(op));
> > > > > 	setsockopt(opfd, SOL_ALG, ALG_AEAD_SET_IV, iv, ivlen);
> > > > So that is 8 syscalls to initialize a single AEAD operation.
> > > 
> > > If this interface is fast enough for TCP, it ought to be fast
> > > enough for crypto.
> > Crypto has much smaller granularity than TCP.  A single TLS
> handshake involves something on the order of 20 separate crypto
> operations in addition to setting up the four transforms used
> throughout the life of the session.
> > 
> > A single SHA-256 password verification is more than 5000 hash
> operations by default.
> 
> If you're processing a small amount of data the last thing you want
> is to go through the kernel if you care about performance.
> 
> Now on the other hand if you had to go through the kernel for
> certification reasons then why are you talking about performance?

Because in the real world people want both certification, features _and_ performance.  If all they cared about is certification they could just as well buy a pencil.
     Mirek
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ