On Sat, May 18, 2019 at 02:38:08AM +0200, Adam Borowski wrote:
> On Fri, May 17, 2019 at 09:07:03PM +0200, Johannes Thumshirn wrote:
> > On Fri, May 17, 2019 at 08:36:23PM +0200, Diego Calleja wrote:
> > > If btrfs needs an algorithm with good performance/security ratio, I would
> > > suggest considering BLAKE2 [1]. It is based in the BLAKE algorithm that
> > > made
> > > to the final round in the SHA3 competition, it is considered pretty
> > > secure
> > > (above SHA2 at least), and it was designed to take advantage of modern
> > > CPU
> > > features and be as fast as possible - it even beats SHA1 in that regard.
> > > It is
> > > not currently in the kernel but Wireguard uses it and will add an
> > > implementation when it's merged (but Wireguard doesn't use the crypto
> > > layer
> > > for some reason...)
> >
> > SHA3 is on my list of other candidates to look at for a performance
> > evaluation. As for BLAKE2 I haven't done too much research on it and I'm
> > not a
> > cryptographer so I have to trust FIPS et al.
>
> "Trust FIPS" is the main problem here. Until recently, FIPS certification
> required implementing this nice random generator:
> https://en.wikipedia.org/wiki/Dual_EC_DRBG
>
> Thus, a good part of people are reluctant to use hash functions chosen by
> NIST (and published as FIPS).
I know, but please also understand that there are applications which do
require FIPS certified algorithms.
Byte,
Johannes
--
Johannes Thumshirn SUSE Labs Filesystems
[email protected] +49 911 74053 689
SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nürnberg
GF: Felix Imendörffer, Mary Higgins, Sri Rasiah
HRB 21284 (AG Nürnberg)
Key fingerprint = EC38 9CAB C2C4 F25D 8600 D0D0 0393 969D 2D76 0850
