On Sat, May 18, 2019 at 02:38:08AM +0200, Adam Borowski wrote: > On Fri, May 17, 2019 at 09:07:03PM +0200, Johannes Thumshirn wrote: > > On Fri, May 17, 2019 at 08:36:23PM +0200, Diego Calleja wrote: > > > If btrfs needs an algorithm with good performance/security ratio, I would > > > suggest considering BLAKE2 [1]. It is based in the BLAKE algorithm that made > > > to the final round in the SHA3 competition, it is considered pretty secure > > > (above SHA2 at least), and it was designed to take advantage of modern CPU > > > features and be as fast as possible - it even beats SHA1 in that regard. It is > > > not currently in the kernel but Wireguard uses it and will add an > > > implementation when it's merged (but Wireguard doesn't use the crypto layer > > > for some reason...) > > > > SHA3 is on my list of other candidates to look at for a performance > > evaluation. As for BLAKE2 I haven't done too much research on it and I'm not a > > cryptographer so I have to trust FIPS et al. > > "Trust FIPS" is the main problem here. Until recently, FIPS certification > required implementing this nice random generator: > https://en.wikipedia.org/wiki/Dual_EC_DRBG > > Thus, a good part of people are reluctant to use hash functions chosen by > NIST (and published as FIPS). I know, but please also understand that there are applications which do require FIPS certified algorithms. Byte, Johannes -- Johannes Thumshirn SUSE Labs Filesystems jthumshirn@xxxxxxx +49 911 74053 689 SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nürnberg GF: Felix Imendörffer, Mary Higgins, Sri Rasiah HRB 21284 (AG Nürnberg) Key fingerprint = EC38 9CAB C2C4 F25D 8600 D0D0 0393 969D 2D76 0850
