On Mon, Jun 20, 2016 at 05:49:17PM +0200, Stephan Mueller wrote: > > Is speed everything we should care about? What about: > > - offloading of crypto operation from the CPU In practice CPU offland is not helpful, and in fact, in most cases is harmful, when one is only encrypting a tiny amount of data. That's because the cost of setup and teardown, not to mention key scheduling, dominate. This is less of the case in the case of the SIMD / AVX optimizations --- but that's because these are CPU instructions, and there really isn't any CPU offloading going on. > - potentially additional security features a hardware cipher may provide like > cache coloring attack resistance? Um.... have you even taken a *look* at how ChaCha20 is implemented? *What* cache coloring attack is possible at all, period? Hint: where are the lookup tables? Where are the data-dependent memory accesses in the ChaCha20 core? - Ted -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html