On Fri, Aug 7, 2020 at 10:55 AM Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote:
>
> I think the real random.c can run plenty fast. It’s ChaCha20 plus ludicrous overhead right now.

I doubt it.

I tried something very much like that in user space to just see how many cycles it ended up being.

I made a "just raw ChaCha20", and it was already much too slow for what some of the networking people claim to want.

And maybe they are asking for too much, but if they think it's too slow, they'll not use it, and then we're back to square one.

Now, what *might* be acceptable is to not do ChaCha20, but simply do a single double-round of it.

So after doing 10 prandom_u32() calls, you'd have done a full ChaCha20. I didn't actually try that, but from looking at the costs from trying the full thing, I think it might be in the right ballpark.

How does that sound to people?

Linus