Re: [openpgp] SHA-x performance
Peter Gutmann <pgut001@cs.auckland.ac.nz> Fri, 14 August 2015 09:30 UTC
ianG <iang@iang.org> writes:

>To what extent are we accepting the embedded market as "our market" ?

It's not a case of "now we want to target 8051's" but more a case of "the same hardware that can currently employ PGP shouldn't be prevented from employing it in the future because of a change to an overly heavyweight algorithm". Switching from SHA-1 to SHA-256 isn't a big deal, but going to SHA-512 with its order-of-magnitude slowdown over -256 is.

An example of a typical target device was the one mentioned in another post by Yutaka Niibe, an STM32F103, which is a Cortex M3 that I mentioned earlier. A more recent, and also very popular one, is the M0 (released five years after the M3, but with much more minimal capabilities, I'd set the minimum target at an M3 in that if you want to be doing crypto you shouldn't be using an M0).

>Is this something that already exists in the sense that a lot of them are
>already doing OpenPGP signing for some purpose?

Use of PGP in embedded is basically nonexistent, so it's more a case of "this could be useful in the future". The stuff will have to be secured in some manner, and being able to present PGP as a candidate would be good.

(To put this into perspective, there's an apparently neverending stream of checkbox-engineered security standards and best-practices for things like smart meters where the developers are being asked to implement X.509 cert handling, SCEP for cert enrolment, TLS for reporting, and SSH for remote management, on an M0 realtime system (so no task can hold up the CPU for more than, say, 10ms) with 4kB RAM and 32kB flash total. Now admittedly PGP won't fit into that either, but it's slightly less insane than the wishlists being promulgated by industry groups. I have no idea what developers are doing in response to this disconnect from reality in the requirements, but I'm guessing it'll provide fodder for Black Hat and Defcon talks for years to come).

Peter.