sahib / brig

File synchronization on top of ipfs with git like interface & web based UI
https://brig.readthedocs.io
GNU Affero General Public License v3.0

Add config option and command line switch for file encryption algorithm #89

Closed evgmik closed 3 years ago

evgmik commented 3 years ago

The user should be able to choose performance over security. We can do encryption with the AES gold standard (but slow on old machines without a hardware implementation) or ChaCha20, which is fast but somewhat less tested.

One of the bottlenecks, with 35 MB/s for cat, is sitting in AES decryption on my machine. If I switch to ChaCha20 I get around 80 MB/s (@sahib had a similar case according to comments in the code). Maybe we better be fast than sorry?

Ideally, we need a config setting for a choice of default encryption and possibly a switch for command line staging as well.

Currently, a user has no say in which encryption to use, since we hard-coded the choice. See https://github.com/sahib/brig/blob/c29348532553a533edee7e249574b48b8cb51f23/catfs/mio/encrypt/format.go#L60

Originally posted by @evgmik in https://github.com/sahib/brig/issues/49#issuecomment-761838914

sahib commented 3 years ago

I'm already working on that (see #48). I'm hopefully getting it done today. Afterwards users can give hints on what files should use which algorithms. It's a bit more generic than a command line switch, since we might introduce more options for streaming later.

I was also thinking about a default auto-detection, i.e. run a very short benchmark on daemon start or try to detect if the machine supports AES-NI. If not, we can default to ChaCha20.

sahib commented 3 years ago

Done by #90
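
The AES-NI auto-detection idea raised in this thread, sketched as an added example (not brig's own code and not taken from #90). It assumes a Linux host exposing `/proc/cpuinfo`; the algorithm names and the functions `hasHardwareAES` and `defaultAlgo` are hypothetical.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"os"
	"strings"
)

// Hypothetical algorithm names; brig's real config values may differ.
const algoAES, algoChaCha = "aes256gcm", "chacha20poly1305"

// hasHardwareAES scans /proc/cpuinfo text for the "aes" CPU flag (x86 "flags"
// line, ARM "Features" line). known is false when no such line was seen.
func hasHardwareAES(r io.Reader) (aes, known bool) {
	sc := bufio.NewScanner(r)
	for sc.Scan() {
		key, val, ok := strings.Cut(sc.Text(), ":")
		key = strings.TrimSpace(key)
		if !ok || (key != "flags" && key != "Features") {
			continue
		}
		known = true
		for _, f := range strings.Fields(val) { // whole tokens: "vaes" is not "aes"
			if f == "aes" {
				return true, true
			}
		}
	}
	return false, known
}

// defaultAlgo keeps AES unless the CPU is known to lack AES instructions.
func defaultAlgo(r io.Reader) string {
	if aes, known := hasHardwareAES(r); known && !aes {
		return algoChaCha
	}
	return algoAES
}

func main() {
	algo := algoAES
	if f, err := os.Open("/proc/cpuinfo"); err == nil {
		algo = defaultAlgo(f)
		f.Close()
	}
	fmt.Println("default encryption:", algo)
}
```

When the flag line is missing or the file cannot be read, the sketch keeps AES rather than guessing, so an undetectable platform never silently changes the cipher.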