8e07b51739
Benefits: - larger seeds -- a 128-bit key alone is not enough for `128-bit security' - better resistance to timing side channels than AES - a better-understood security story (https://eprint.iacr.org/2018/349) - no loss in compliance with US government standards that nobody ever got fired for choosing, at least in the US-dominated western world - no dirty endianness tricks - self-tests Drawbacks: - performance hit: throughput is reduced to about 1/3 in naive measurements => possible to mitigate by using hardware SHA-256 instructions => all you really need is 32 bytes to seed a userland PRNG anyway => if we just used ChaCha this would go away... XXX pullup-7 XXX pullup-8 XXX pullup-9 |
||
|---|---|---|
| .. | ||
| Makefile.kern.inc | ||
| assym.mk | ||
| compat_netbsd.config | ||
| compat_netbsd09.config | ||
| compat_netbsd10.config | ||
| compat_netbsd11.config | ||
| compat_netbsd12.config | ||
| compat_netbsd13.config | ||
| compat_netbsd14.config | ||
| compat_netbsd15.config | ||
| compat_netbsd16.config | ||
| compat_netbsd20.config | ||
| compat_netbsd30.config | ||
| compat_netbsd40.config | ||
| compat_netbsd50.config | ||
| compat_netbsd60.config | ||
| compat_netbsd70.config | ||
| compat_netbsd80.config | ||
| copts.mk | ||
| copyright | ||
| cscope.mk | ||
| debugsyms.c | ||
| dts.mk | ||
| files | ||
| filesystems.config | ||
| gdbinit.mk | ||
| genassym.cf | ||
| ldscript.mk | ||
| linkset | ||
| lint.mk | ||
| majors | ||
| majors.std | ||
| majors.storage | ||
| majors.tty | ||
| majors.usb | ||
| majors.ws | ||
| mdroot.mk | ||
| mkldscript.sh | ||
| newvers.mk | ||
| newvers.sh | ||
| newvers_stand.mk | ||
| newvers_stand.sh | ||
| osrelease.sh | ||
| param.c | ||
| ssp.mk | ||
| std | ||