Am Montag, 20. Juni 2016, 11:01:47 schrieb Theodore Ts'o: Hi Theodore, > > So simply doing chacha20 encryption in a tight loop in the kernel > might not be a good proxy for what would actually happen in real life > when someone calls getrandom(2). (Another good question to ask is > when someone might be needing to generate millions of 256-bit session > keys per second, when the D-H setup, even if you were using ECCDH, > would be largely dominating the time for the connection setup anyway.) Is speed everything we should care about? What about: - offloading of crypto operation from the CPU - potentially additional security features a hardware cipher may provide like cache coloring attack resistance? Ciao Stephan -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html