[pkg-gnupg-maint] Bug#848951: Bug#848951: gnupg: Utilize multiple cores on CPU for encryption and decryption (and compression)

Witold Baryluk witold.baryluk at gmail.com
Wed Dec 21 16:47:35 UTC 2016


Hi.

Of course by 'ciphers', I meant 'cipher modes'.

Everybody know CTR is easy to parallelize and easy to understand implement,
but these days OCB, (still pattented?) or GCM are probably preffered.

CCM is another options -
http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/ccm/ccm.pdf

The authentication stages need to be serialized in most of these modes, but
still most of the work can be parallelized, and if authentication stage is
faster than encryption, it should not be a bottlneck for performance.

Good to see some people are looking into it. Would be nice to have
realistic optimized implementations for different machines / archs / core
counts and see how they perform. In the end it is better to implement only
one, to make alternative implementations easier to writes and review, and
lower the complexity and attack surface.

I cannot really discuss much on legal side of different modes, or their
security properties. I will leave that to smarter people than me.

Thanks.



2016-12-21 16:31 GMT+01:00 Boyan Penkov <boyan.penkov at gmail.com>:

>
>
> On 12/21/2016 10:25 AM, Werner Koch wrote:
> > On Wed, 21 Dec 2016 14:33, boyan.penkov at gmail.com said:
> >
> >> Is this straighforward?  What changes should I make to gpg.conf to give
> >> this a shot?
> > You need to convince the OpenPGP WG that OCB is the way forward.  The
> > prefer other and slower modes due to patents on PCB.
>
> Aha, I see... ;)  I am indeed rather new to GPG....
>
> Regardless, thanks for all your work!
>
> > However, these
> > patents are freely licensed to basically all software.  And then we need
> > to implement this in GnuPG...
> >
> >
> > Shalom-Salam,
> >
> >    Werner
> >
>
> --
>
> Boyan Penkov
> www.boyanpenkov.com
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/attachments/20161221/3cd5dec9/attachment-0001.html>


More information about the pkg-gnupg-maint mailing list