tech-crypto archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Patch: cprng_fast performance - please review.
> I would still suggest Salsa20 or ChaCha. My measurements with naive C
> code suggest that, if you buffer the output for short outputs, these
> take on average 40-50 Ivy Bridge cycles per request. (If you don't
> buffer the output, it's 300 cycles.) Long requests get ~4 cpb. In
> contrast, libc random(3) takes on average 50-60 Ivy Bridge cycles per
> request, and long requests get ~13 cpb.
It is also possible to used reduced round versions of these; I believe
the best known attacks are still on 8 rounds of Salsa20 and 7 of ChaCha
and the default is 20 rounds. 20, 12, and 8 are the suggested numbers
of rounds. It may well be safer to use ChaCha/8 than some other
algorithm (the known attacks on Salsa20/8 and ChaCha/7 are not that
good).
-Matt
Home |
Main Index |
Thread Index |
Old Index