On Fri, Aug 7, 2020 at 10:55 AM Andy Lutomirski luto@amacapital.net wrote:
I think the real random.c can run plenty fast. It’s ChaCha20 plus ludicrous overhead right now.
I doubt it.
I tried something very much like that in user space to just see how many cycles it ended up being.
I made a "just raw ChaCha20", and it was already much too slow for what some of the networking people claim to want.
And maybe they are asking for too much, but if they think it's too slow, they'll not use it, and then we're back to square one.
Now, what *might* be acceptable is to not do ChaCha20, but simply do a single double-round of it.
So after doing 10 prandom_u32() calls, you'd have done a full ChaCha20. I didn't actually try that, but from looking at the costs from trying the full thing, I think it might be in the right ballpark.
How does that sound to people?
Linus