xserver dependency on crypto library because of a hashmap
Marek Behun
kabel at blackhole.sk
Thu Jun 12 16:59:32 PDT 2014
I still am of the opinion that there should be used some simpler hash
function. If it was the case that the sha1 hash was the best option,
here I present my opinion on why an external implementation is
irrelevant and does not make a difference on effectivity.
> I believe all of those have been in the SSL/TLS layers, and not down
> in the cryptographic hash primitives themselves.
Yes, that is true, xserver isn't making itself vulnerable by using the
library. I am aware that many applications depend on openssl because of
similar stuff, but all these applications together are making it
difficult for the whole system not to depend on openssl. Perhaps the
distribution does not need security library because of security at all,
and these applications pull in the whole library (or some other),
because they need some simple stuff like sha1.
It would be something different if xserver wanted to make it a runtime
configuration parameter - which hash to use for a hashmap. Then
depending on a hash/crypto library is understandable: I'm not going to
rewrite every hash function into my source code. But if I need only one
hash function, there should at least be an option to use internal
implementation.
> One of the prime motivators we had for moving to an externally
> maintained SHA-1 implementation for Xorg was to let someone else deal
> with all the optimizations for specific CPUs and let us simply reap
> the benefits of their work.
As I understand it, such optimizations make a difference for large
inputs or when the hash function is called significantly many times.
Thus I made an experiment: on my computer the openssl implementation is
cca 100% faster than the naive implementation in C.
That is: for 10*1024*1024 random strings of random length between
300-1000 the openssl implementation took 10 seconds of CPU time, the
naive implementation took 19.5 seconds. I chose the length from 300 to
1000 because such lengths were used by the HashGlyph function.
How frequently is HashGlyph called? On my computer by normal usage it
was called 10 000 times per hour. Even on a 50× slower computer than
mine that would take cca 1 sec per hour of CPU time for hashing glyphs.
The openssl implementation would take 0.5 sec per hour.
In my opinion the effectivity of optimized sha1 is irrelevant for
HashGlyph. Please, can someone make me wrong?
Marek
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.x.org/archives/xorg-devel/attachments/20140613/61a0d2e8/attachment.sig>
More information about the xorg-devel
mailing list