From: Jan Glauber <jglauber@cavium.com>
To: Theodore Ts'o <tytso@mit.edu>
Cc: Oliver Mangold <o.mangold@gmail.com>, linux-crypto@vger.kernel.org
Subject: Re: Poor RNG performance on Ryzen
Date: Tue, 25 Jul 2017 08:20:19 +0200
Message-ID: <20170725062019.GA5429@wintermute>
In-Reply-To: <20170722181641.ru33olaiougqpr2d@thunk.org>

On Sat, Jul 22, 2017 at 02:16:41PM -0400, Theodore Ts'o wrote:
> On Fri, Jul 21, 2017 at 04:55:12PM +0200, Oliver Mangold wrote:
> > On 21.07.2017 16:47, Theodore Ts'o wrote:
> > > On Fri, Jul 21, 2017 at 01:39:13PM +0200, Oliver Mangold wrote:
> > > > Better, but obviously there is still much room for improvement by reducing
> > > > the number of calls to RDRAND.
> > > Hmm, is there some way we can easily tell we are running on Ryzen? Or
> > > do we believe this is going to be true for all AMD devices?
> > I would like to note that my first measurement on Broadwell suggests that the
> > current frequency of RDRAND calls seems to slow things down on Intel also
> > (but not as much as on Ryzen).
>
> On my T470 laptop (with an Intel mobile core i7 processor), using your
> benchmark, I am getting 136 MB/s, versus your 75 MB/s. But so what?
>
> More realistically, if we are generating 256 bit keys (so we're
> reading from /dev/urandom 32 bytes at a time), it takes 2.24
> microseconds per key generation. What do you get when you run:
>
> dd if=/dev/urandom of=/dev/zero bs=256 count=1000000
>
> Even if on Ryzen it's slower by a factor of two, 5 microseconds per
> key generation is pretty fast! The time to do the Diffie-Hellman
> exchange and the RSA operations will probably completely swamp the
> time to generate the session key.
>
> And if you think 2.24 or 5 microseconds is too slow for the IV
> generation --- then use a userspace ChaCha20 CRNG for that purpose.
>
> I'm not really sure I see a real-life operational problem here.
>
> - Ted

While I agree that it is not an issue if the hardware is just slow I
still wonder why we read 8 bytes with arch_get_random_long() and
only use half of them as Oliver pointed out.

If arch_get_random_int() is not slower on Intel we could use that.
Or am I missing something?

--Jan
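
The per-request cost discussed in the quoted reply can be measured directly. The following is an added example, not part of the original message or the kernel sources: a C function (the name `urandom_ns_per_read` is hypothetical) that times fixed-size reads from /dev/urandom, so the cost of one key-sized request can be compared with bulk throughput on a given CPU.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <time.h>
#include <unistd.h>

/* Average nanoseconds per read() of `len` bytes from /dev/urandom, i.e. the
 * cost of one key-sized request including syscall overhead. Returns a negative
 * value on error. `len` must be between 1 and 256. */
double urandom_ns_per_read(size_t len, long count)
{
    unsigned char buf[256];
    struct timespec t0, t1;
    int fd;

    if (len == 0 || len > sizeof(buf) || count <= 0)
        return -1.0;
    fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0)
        return -1.0;

    clock_gettime(CLOCK_MONOTONIC, &t0);
    for (long i = 0; i < count; i++) {
        size_t got = 0;
        while (got < len) {              /* tolerate short reads */
            ssize_t n = read(fd, buf + got, len - got);
            if (n <= 0) { close(fd); return -1.0; }
            got += (size_t)n;
        }
    }
    clock_gettime(CLOCK_MONOTONIC, &t1);
    close(fd);

    double ns = (t1.tv_sec - t0.tv_sec) * 1e9 + (t1.tv_nsec - t0.tv_nsec);
    return ns / (double)count;
}

int main(void)
{
    /* 32 bytes = one 256-bit key; 256 bytes = the bs=256 of the dd command */
    size_t sizes[] = { 32, 256 };
    for (int i = 0; i < 2; i++) {
        double ns = urandom_ns_per_read(sizes[i], 1000000);
        if (ns < 0) { perror("/dev/urandom"); return 1; }
        printf("%3zu-byte reads: %.2f us each, %.1f MB/s\n",
               sizes[i], ns / 1e3, sizes[i] * 1e3 / ns);
    }
    return 0;
}
```

Small reads are dominated by per-call overhead, so the microseconds-per-read figure is the one to compare against the cost of the surrounding key exchange, not the MB/s figure.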