From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: "Toke Høiland-Jørgensen" <toke@redhat.com>
Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
Geert Uytterhoeven <geert@linux-m68k.org>,
Herbert Xu <herbert@gondor.apana.org.au>,
Ard Biesheuvel <ardb@kernel.org>,
Jean-Philippe Aumasson <jeanphilippe.aumasson@gmail.com>,
linux-crypto@vger.kernel.org, Erik Kline <ek@google.com>,
Fernando Gont <fgont@si6networks.com>,
Lorenzo Colitti <lorenzo@google.com>,
hideaki.yoshifuji@miraclelinux.com,
Hannes Frederic Sowa <hannes@stressinduktion.org>
Subject: Re: [PATCH RFC v1 2/3] ipv6: move from sha1 to blake2s in address calculation
Date: Thu, 13 Jan 2022 00:31:48 +0100 [thread overview]
Message-ID: <CAHmME9pieaBBhKc1uKABjTmeKAL_t-CZa_WjCVnUr_Y1_D7A0g@mail.gmail.com> (raw)
In-Reply-To: <87r19cftbr.fsf@toke.dk>
Hi Toke,
On 1/13/22, Toke Høiland-Jørgensen <toke@redhat.com> wrote:
> However, if we make this change, systems setting a stable_secret and
> using addr_gen_mode 2 or 3 will come up with a completely different
> address after a kernel upgrade. Which would be bad for any operator
> expecting to be able to find their machine again after a reboot,
> especially if it is accessed remotely.
>
> I haven't ever used this feature myself, though, or seen it in use. So I
> don't know if this is purely a theoretical concern, or if the
> stable_address feature is actually used in this way in practice. If it
> is, I guess the switch would have to be opt-in, which kinda defeats the
> purpose, no (i.e., we'd have to keep the SHA1 code around
I'm not even so sure that's true. That was my worry at first, but
actually, looking at this more closely, DAD means that the address can
be changed anyway - a byte counter is hashed in - so there's no
gurantee there.
There's also the other aspect that open coding sha1_transform like
this and prepending it with the secret (rather than a better
construction) isn't so great... Take a look at the latest version of
this in my branch to see a really nice simplification and security
improvement:
https://git.zx2c4.com/linux-dev/log/?h=remove-sha1
Jason
next prev parent reply other threads:[~2022-01-12 23:32 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-12 13:12 [PATCH RFC v1 0/3] remove remaining users of SHA-1 Jason A. Donenfeld
2022-01-12 13:12 ` [PATCH RFC v1 1/3] bpf: move from sha1 to blake2s in tag calculation Jason A. Donenfeld
2022-01-12 22:56 ` Toke Høiland-Jørgensen
2022-01-13 1:33 ` Alexei Starovoitov
2022-01-13 12:27 ` Jason A. Donenfeld
2022-01-13 22:45 ` Alexei Starovoitov
2022-01-14 8:33 ` Geert Uytterhoeven
2022-01-14 14:12 ` Jason A. Donenfeld
2022-01-14 15:08 ` Ard Biesheuvel
2022-01-14 15:20 ` Jason A. Donenfeld
2022-01-14 15:36 ` Geert Uytterhoeven
2022-01-14 15:59 ` David Laight
2022-01-14 16:19 ` Alexei Starovoitov
2022-01-14 16:34 ` Jason A. Donenfeld
2022-01-14 23:04 ` Jeffrey Walton
2022-01-12 13:12 ` [PATCH RFC v1 2/3] ipv6: move from sha1 to blake2s in address calculation Jason A. Donenfeld
2022-01-12 15:49 ` Jason A. Donenfeld
2022-01-12 23:05 ` Toke Høiland-Jørgensen
2022-01-12 23:31 ` Jason A. Donenfeld [this message]
2022-01-13 11:15 ` Hannes Frederic Sowa
2022-01-13 12:06 ` Ard Biesheuvel
2022-01-13 12:22 ` Jason A. Donenfeld
2022-01-13 12:29 ` Ard Biesheuvel
2022-01-13 13:30 ` Toke Høiland-Jørgensen
2022-01-13 13:40 ` Ard Biesheuvel
2022-01-13 13:45 ` Jason A. Donenfeld
2022-01-13 13:50 ` Ard Biesheuvel
2022-01-13 13:54 ` Jason A. Donenfeld
2022-01-13 16:18 ` Toke Høiland-Jørgensen
2022-01-14 16:07 ` Jason A. Donenfeld
2022-01-14 16:57 ` Toke Høiland-Jørgensen
2022-01-14 17:41 ` Hannes Frederic Sowa
2022-01-14 17:58 ` Jason A. Donenfeld
2022-01-12 13:12 ` [PATCH RFC v1 3/3] crypto: sha1_generic - import lib/sha1.c locally Jason A. Donenfeld
2022-01-12 18:50 ` [PATCH RFC v1 0/3] remove remaining users of SHA-1 David Sterba
2022-01-12 18:57 ` Jason A. Donenfeld
2022-01-13 3:24 ` Sandy Harris
2022-01-13 8:08 ` Ard Biesheuvel
2022-01-13 17:28 ` Theodore Ts'o
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAHmME9pieaBBhKc1uKABjTmeKAL_t-CZa_WjCVnUr_Y1_D7A0g@mail.gmail.com \
--to=jason@zx2c4.com \
--cc=ardb@kernel.org \
--cc=ek@google.com \
--cc=fgont@si6networks.com \
--cc=geert@linux-m68k.org \
--cc=hannes@stressinduktion.org \
--cc=herbert@gondor.apana.org.au \
--cc=hideaki.yoshifuji@miraclelinux.com \
--cc=jeanphilippe.aumasson@gmail.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lorenzo@google.com \
--cc=netdev@vger.kernel.org \
--cc=toke@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.