Date: Wed, 1 May 2024 14:21:35 +0200
From: "Jason A. Donenfeld"
To: Aaron Toponce
Cc: Theodore Ts'o, Herbert Xu, "David S. Miller", linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org
Subject: Re: [PATCH] random: add chacha8_block and swtich the rng to it
In-Reply-To: <20240429134942.2873253-1-aaron.toponce@gmail.com>

Hey Aaron,

There are probably better ways of speeding this up (e.g. my vDSO work, which should be coming back soon) than just removing rounds and hoping for the best.

The problem is that there's extremely broad consensus that ChaCha20 is good at what it does. There's much less so for ChaCha8. JP's _probably_ right, and it all seems like a sensible risk analysis...maybe...but also, why play with fire? Is it really worth it? I don't think there's much harm done in being really conservative about all this.

Another consideration with the RNG is that most everybody else's crypto relies on the RNG being good. If some consumer of the RNG wants to use single DES, so be it. If another consumer wants to use a cascade of ChaCha20 and AES and Serpent and Keccak for something, okay. Those aren't our choices. But we shouldn't prevent those choices by weakening the RNG.

So while it *might* be kinda overkill, there's also broad consensus that what we've got is *definitely* sufficient for all uses. At the same time, it's still pretty darn fast, there exist other ways to make it faster, and I don't think it's /overly/ much.

Jason