summaryrefslogtreecommitdiffstats
path: root/plugin/auth_ed25519/README
diff options
context:
space:
mode:
Diffstat (limited to 'plugin/auth_ed25519/README')
-rw-r--r--plugin/auth_ed25519/README27
1 files changed, 27 insertions, 0 deletions
diff --git a/plugin/auth_ed25519/README b/plugin/auth_ed25519/README
new file mode 100644
index 00000000..e65a33e6
--- /dev/null
+++ b/plugin/auth_ed25519/README
@@ -0,0 +1,27 @@
+This plugin uses public domain ed25519 code
+by Daniel J. Bernstein, Niels Duif, Tanja Lange, Peter Schwabe, Bo-Yin Yang.
+
+It is "ref10" implementation from the SUPERCOP:
+https://bench.cr.yp.to/supercop.html
+
+OpenSSH also uses ed25519 from SUPERCOP, but "ref" implementation.
+
+There are four ed25519 implementations in SUPERCOP, ref10 is faster then ref,
+and there are two that are even faster, written in amd64 assembler.
+Benchmarks are here: https://bench.cr.yp.to/impl-sign/ed25519.html
+
+==============================
+MariaDB changes:
+
+API functions were simplified to better fit our use case:
+* crypto_sign_open() does not return the verified message, only the
+ result of the verification (passed/failed)
+* no secret key is generated explicitly, user specified password is used
+ as a source of randomness instead (SHA512("user password")).
+* lengths are not returned, where they're known in advance
+ (e.g. from crypto_sign()).
+* crypto_sign() does not take the public key as an argument, but
+ generates it on the fly (we used to generate public key before
+ crypto_sign(), doing it internally avoids double work).
+
+See the changes done in this commit.