-1

I tried to search across the internet, but was unable to find something. So question is: What is better to use? OS provided cryptographic API or manually implemented/library provided algorithms?

I know that, when CPU enters in kernel mode after OS system call, it consumes large amount of CPU cycles, but on the other hand I know that OS can use hardware accerelated cryptography. So what is situation in real world? Is it worth to use OS Cryptographic API?

For example project that I work on, uses CRC32 and MD5 algorithms.

EDIT: My primary goal is to select fastest approach and secondary is to know all cons and pros.

Inline
  • 2,566
  • 1
  • 16
  • 32
  • CRCs are not cryptography. And hashes are a side-aspect of cryptography. – too honest for this site Mar 19 '17 at 18:27
  • @olaf , both Linux and Windows provide md5 and crc functions in their crypto api. – Inline Mar 19 '17 at 18:32
  • Depends on what is "best". Externally provided libraries/OS can have back doors. Own implementation can (will) have bugs. – Paul Ogilvie Mar 19 '17 at 18:35
  • @Inline: So, then CRC **must** be cryptography! All CS books must be wrong then! Note that CRC is not suitable as integrity check against inteional modifications. It can easily be recalculated. – too honest for this site Mar 19 '17 at 18:41
  • @Olaf , I use word cryptography in this question only with 'API'. I don't mean that hash functions are cryptography as section of science. I mean that Windows and Linux implemented crc and md5 functions in their crypto api. It's misunderstanding. Help me correct my question if it's confusing. – Inline Mar 19 '17 at 18:48
  • Generally speaking, writing your crypto routines is a Bad Idea. There are numerous things that can go wrong, such as side channel attacks, that will render is usless from a security standpoint. Existing crypto libraries are written by people with experience in this type of development and have accounted for things like this. Also, you're unlikely to write something that will outperform one of these libraries due to the aformentioned experience. – dbush Mar 19 '17 at 21:41

2 Answers2

1

MD5 is probably available everywhere. CRC32 is so simple (and not really cryptography) that you can just include or implement it directly in your application.

The Windows crypto API supports multiple providers and the default provider is probably fully implemented in user mode without switching to kernel mode for most things. The PRng and AES encryption might be implemented in hardware.

What is your goal? Speed? No backdoors? Obscure algorithms?

Anders
  • 97,548
  • 12
  • 110
  • 164
0

There are hardware accelerators for TLS but are are used primarily for public key encryption. Unless you have specialized Bitcoin mining hardware, hashing will be done userside and in software. Use what is most convenient.

doron
  • 27,972
  • 12
  • 65
  • 103
  • Crypto support in hardware is quite common in the CPU instruction set in a hardware crypto engine. Examples are Intel CPU instructions and iPhones having a hardware crypto engine. – zaph Mar 19 '17 at 20:52