atoponce, 19 days ago Just sent in my first patch to the #Linux kernel. This changes the kernel CSPRNG from ChaCha20 to ChaCha8 providing ~2x performance improvement without sacrificing security. #crypto #cryptography https://lore.kernel.org/lkml/20240429134942.2873253-1-aaron.toponce@gmail.com/T/#u
Just sent in my first patch to the #Linux kernel.
This changes the kernel CSPRNG from ChaCha20 to ChaCha8 providing ~2x performance improvement without sacrificing security.
#crypto #cryptography
https://lore.kernel.org/lkml/20240429134942.2873253-1-aaron.toponce@gmail.com/T/#u
atoponce, 19 days ago Got some push back on my kernel patch, which I expected, so I argued my position. Curious to see if others chime in and where the discussion goes, if anywhere. So far though, I would say my patch looks like it probably won't get implemented.
Got some push back on my kernel patch, which I expected, so I argued my position. Curious to see if others chime in and where the discussion goes, if anywhere. So far though, I would say my patch looks like it probably won't get implemented.
atoponce, 18 days ago Ted Ts'o thinks I'm a shill sent by a nation state, ala Jia Tan of xz infamy, to weaken the RNG. Talk about an immature knee-jerk. Heh. https://lore.kernel.org/lkml/20240429134942.2873253-1-aaron.toponce@gmail.com/T/#m286677449488f1e0195ba81234e47090a8a3474a
Ted Ts'o thinks I'm a shill sent by a nation state, ala Jia Tan of xz infamy, to weaken the RNG. Talk about an immature knee-jerk. Heh.
https://lore.kernel.org/lkml/20240429134942.2873253-1-aaron.toponce@gmail.com/T/#m286677449488f1e0195ba81234e47090a8a3474a
filippo, 18 days ago @atoponce lol IIRC BoringSSL had a userspace CSPRNG because the kernel one was too slow for TLS record IVs. Check if that’s still the case? (Ted is wrong, in TLS 1.2 you need random at every record, not just when doing asymmetric crypto. TLS 1.3 fixed that.)
@atoponce lol
IIRC BoringSSL had a userspace CSPRNG because the kernel one was too slow for TLS record IVs. Check if that’s still the case?
(Ted is wrong, in TLS 1.2 you need random at every record, not just when doing asymmetric crypto. TLS 1.3 fixed that.)
Add comment