> On Apr 26, 2019, at 11:02 AM, Theodore Ts'o <ty...@mit.edu> wrote:
> 
>> On Fri, Apr 26, 2019 at 10:44:20AM -0700, Eric Biggers wrote:
>> Would it be possible to call ChaCha20 through the actual crypto API so that SIMD
>> instructions (e.g. AVX-2) could be used?  That would make it *much* faster.
>> Also consider AES-CTR with AES-NI instructions.
> 
> It's not obvious SIMD instructions will be faster in practice, since
> it requires saving and restoring the vector/FPU registers.  If you're
> going to be doing a *lot* of vector processing (for example when doing
> block-level RAID-5 / RAID-6 computations), it might be worth it.  But
> if you're only going to be turning the crank for 12 or 20 rounds, the
> overhead of calling kernel_fpu_begin() and kernel_fpu_end() is
> probably going to make this worth it.
> 

So generate a whole page or more of random bytes at a time and save them up for 
when they’re needed.
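
The batching suggested above, as an added userspace sketch that is not part of the original message or the kernel's code: a ChaCha20 (RFC 8439) pool refills one page at a time and serves small requests from it, so the FPU save/restore pair is paid once per page rather than once per request. `fpu_begin()`/`fpu_end()`, `struct rng_pool`, `pool_init()` and `pool_get()` are hypothetical names, the block function is scalar and assumes a little-endian host, and wiping served bytes is an added hygiene step that the thread does not discuss.

```c
#include <stdint.h>
#include <string.h>
#define POOL_BYTES 4096 /* "a whole page" of output per refill */
#define ROTL(v, n) (((v) << (n)) | ((v) >> (32 - (n))))
#define QR(a, b, c, d) (a += b, d ^= a, d = ROTL(d, 16), c += d, b ^= c, b = ROTL(b, 12), \
                        a += b, d ^= a, d = ROTL(d, 8), c += d, b ^= c, b = ROTL(b, 7))
struct rng_pool { uint32_t state[16]; uint8_t buf[POOL_BYTES]; size_t used; };
/* Hypothetical userspace stand-ins for kernel_fpu_begin()/kernel_fpu_end(). */
static unsigned long fpu_sections; /* begin/end pairs entered so far */
static void fpu_begin(void) { fpu_sections++; }
static void fpu_end(void) { }

/* One 64-byte ChaCha20 block (RFC 8439), scalar; assumes a little-endian host. */
static void chacha20_block(uint32_t st[16], uint8_t out[64]) {
    uint32_t x[16];
    memcpy(x, st, sizeof x);
    for (int i = 0; i < 10; i++) { /* 10 double rounds: columns, then diagonals */
        QR(x[0], x[4], x[8], x[12]);  QR(x[1], x[5], x[9], x[13]);
        QR(x[2], x[6], x[10], x[14]); QR(x[3], x[7], x[11], x[15]);
        QR(x[0], x[5], x[10], x[15]); QR(x[1], x[6], x[11], x[12]);
        QR(x[2], x[7], x[8], x[13]);  QR(x[3], x[4], x[9], x[14]);
    }
    for (int i = 0; i < 16; i++) x[i] += st[i];
    memcpy(out, x, 64);
    st[12]++; /* advance the block counter */
}

/* seed = 32-byte key, 4-byte counter, 12-byte nonce, in ChaCha state order. */
static void pool_init(struct rng_pool *p, const uint8_t seed[48]) {
    static const uint32_t sigma[4] = { 0x61707865, 0x3320646e, 0x79622d32, 0x6b206574 };
    memcpy(p->state, sigma, 16);
    memcpy(p->state + 4, seed, 48);
    p->used = POOL_BYTES; /* empty: the first request triggers a refill */
}

static void pool_get(struct rng_pool *p, uint8_t *out, size_t n) {
    while (n) {
        if (p->used == POOL_BYTES) { /* one FPU save/restore pair per page */
            fpu_begin();
            for (size_t o = 0; o < POOL_BYTES; o += 64) chacha20_block(p->state, p->buf + o);
            fpu_end();
            p->used = 0;
        }
        size_t take = POOL_BYTES - p->used < n ? POOL_BYTES - p->used : n;
        memcpy(out, p->buf + p->used, take);
        memset(p->buf + p->used, 0, take); /* wipe served bytes (kernel: memzero_explicit()) */
        p->used += take; out += take; n -= take;
    }
}
```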
