From: Eric Biggers <ebiggers@kernel.org>
To: "Rusydi H. Makarim" <rusydi.makarim@kriptograf.id>
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>,
"Jason A. Donenfeld" <Jason@zx2c4.com>,
Ard Biesheuvel <ardb@kernel.org>,
linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org
Subject: Re: [PATCH 0/3] Implementation of Ascon-Hash256
Date: Thu, 1 Jan 2026 13:06:02 -0800 [thread overview]
Message-ID: <20260101210602.GA6718@sol> (raw)
In-Reply-To: <aVTq6HaRr4G2gmho@Rusydis-MacBook-Air.local>
On Wed, Dec 31, 2025 at 04:20:40PM +0700, Rusydi H. Makarim wrote:
> On Tue, Dec 16, 2025 at 08:06:17PM -0800, Eric Biggers wrote:
> > On Wed, Dec 17, 2025 at 10:33:22AM +0700, Rusydi H. Makarim wrote:
> > > On 2025-12-17 01:02, Eric Biggers wrote:
> > > > On Tue, Dec 16, 2025 at 01:27:17PM +0700, Rusydi H. Makarim wrote:
> > > > > While no direct in-kernel use as of now
> > > >
> > > > Thanks for confirming. We only add algorithms when there is a real
> > > > user, so it's best to hold off on this for now.
> > > >
> > > > - Eric
> > >
> > > Rather than leaving this work idle, would it be better to move the
> > > implementation entirely into the Crypto API ?
> >
> > No, that's actually the most problematic part because it would put it in
> > the name-based registry and become impossible to change later.
> >
> > There's a large maintenance cost to supporting algorithms. We've
> > learned this the hard way. In the past the requirements to add new
> > algorithms to the kernel were much more relaxed, and as a result, the
> > Linux kernel community has ended up wasting lots of time maintaining
> > unused, unnecessary, or insecure code.
> >
> > Just recently I removed a couple algorithms (keywrap and vmac). Looking
> > back in more detail, there was actually never any use case presented for
> > their inclusion, and they were never used. So all the effort spent
> > reviewing and maintaining that code was just wasted. We could have just
> > never added them in the first place and saved tons of time.
>
> Looking at both lib/crypto/ and crypto/ directories, I initially did not
> have an impression that mandatory in-kernel use of a cryptographic hash
> function is a strict requirement for its inclusion in the linux kernel.
It's no different from any other Linux kernel feature.
> On the other hand, I am also keen to see its possible use cases in the linux
> kernel. Ascon-Hash256 specifically can be an alternative to SHA-256. For
> instance, it can be an additional option of hash function in fs-verity for
> processors with no SHA256 dedicated instructions. If that something that
> interests you, I am open for further discussion.
I haven't actually seen any demand for alternative hash functions in
fs-verity. Though, dm-verity is sometimes used with BLAKE2b for the
reason you mention. But this also means the kernel crypto subsystem
already has alternatives to SHA-256. With that being the case, it's not
clear that adding another one would bring anything new to the table.
How does the performance compare with BLAKE2s and BLAKE2b?
- Eric
next prev parent reply other threads:[~2026-01-01 21:06 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-15 7:54 [PATCH 0/3] Implementation of Ascon-Hash256 Rusydi H. Makarim
2025-12-15 7:54 ` [PATCH 1/3] lib/crypto: Add KUnit test vectors for Ascon-Hash256 Rusydi H. Makarim
2025-12-19 4:29 ` kernel test robot
2025-12-22 17:11 ` kernel test robot
2025-12-15 7:54 ` [PATCH 2/3] lib/crypto: Initial implementation of Ascon-Hash256 Rusydi H. Makarim
2025-12-15 23:01 ` kernel test robot
2025-12-20 15:34 ` kernel test robot
2025-12-20 16:20 ` kernel test robot
2025-12-22 17:41 ` kernel test robot
2025-12-15 7:54 ` [PATCH 3/3] crypto: Crypto API " Rusydi H. Makarim
2025-12-15 20:19 ` [PATCH 0/3] Implementation " Eric Biggers
2025-12-16 6:27 ` Rusydi H. Makarim
2025-12-16 18:02 ` Eric Biggers
[not found] ` <bb05699bc7922bb3668082367b4750f2@kriptograf.id>
2025-12-17 4:06 ` Eric Biggers
2025-12-31 9:20 ` Rusydi H. Makarim
2026-01-01 21:06 ` Eric Biggers [this message]
2026-01-01 23:35 ` David Laight
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260101210602.GA6718@sol \
--to=ebiggers@kernel.org \
--cc=Jason@zx2c4.com \
--cc=ardb@kernel.org \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=rusydi.makarim@kriptograf.id \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).