Open DemiMarie opened 8 years ago
ntimeu
commented
8 years ago Hi,
With a pure library written in rust, the code doesn't require any unsafe code, which means that most of the code is "safe" at compile-time. With inline assembly, the code would loose its safety (assembly is not checked by the compiler), and thus would loose its advantages.
IMHO, when needing higher speed you should consider using quininer/argon2-rs, which is a binding to the C version.
briansmith
commented
8 years ago Argon2 is one of the few cases where the safety is a function of the speed, and where you really need it to be as fast as possible in order to offer the most safety. That is, the slower the Argon2 implementation is, the more users are forced to choose smaller/weaker parameters.
Ideally, the Rust code could be made to perform at the same speed as assembly language code, but that's unlikely to be the case for highly-optimized asm. In ring we have quite a bit of experience with safely using assembly language code from Rust. Let me know if you need any help reviewing any interfacing of Rust and assembly language code.
I think inline asm is a bad idea. Instead, just use separate .S/.asm files. That way, you can probably share the work of maintaining the assembly language code with other (C) projects. Also, inline assembly only works in Rust Nightly but probably most people that are looking for a bulletproof Argon2 implementation in Rust would want to use Rust Stable.
bryant
commented
7 years ago Have any of you even tried the benchmarks? Take a look at the README. We've already for quite some time been competitive with the C impl (a bit faster, even), which itself uses hand-assembly to compute G. How much more speed can you really eke out?
briansmith
commented
7 years ago Have any of you even tried the benchmarks?
Just to be clear, my comment was just saying that, if assembly language is used, it would be better if it weren't inline.
Unlike other cryptographic primitives, higher speeds for password hashing directly translate into improved security, as it allows the hash function to run for longer and thus linearly increases the attacker's costs. Therefore, optimizations such as the use of assembler may be justified.