On 07/11/2012 05:10 PM, David Magda wrote:
> On Wed, July 11, 2012 09:45, Sašo Kiselkov wrote:
>> I'm not convinced waiting makes much sense. The SHA-3 standardization
>> process' goals are different from "ours". SHA-3 can choose to go with
>> something that's slower, but has a higher security margin. I think that
>> absolute super-tight security isn't all that necessary for ZFS, since
>> the hash isn't used for security purposes. We only need something that's
>> fast and has a good pseudo-random output distribution. That's why I
>> looked toward Edon-R. Even though it might have security problems in
>> itself, it's by far the fastest algorithm in the entire competition.
>
> Fair enough, though I think eventually the SHA-3 winner will be
> incorporated into hardware (or at least certain instructions used in the
> algorithm will). I think waiting a few more weeks/months shouldn't be a
> big deal, as the winner should be announced Real Soon Now, and then a more
> informed decision can probably be made.

The AES process winner had been announced in October 2000. Considering
AES-NI was proposed in March 2008 and first silicon for it appeared
around January 2010, I wouldn't hold my breath hoping for hardware
SHA-3-specific acceleration getting a widespread foothold for at least
another 5-10 years (around 2-3 technology generations).

That being said, a lot can be achieved using SIMD instructions, but that
doesn't depend on the SHA-3 process in any way.

zfs-discuss mailing list