From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: Hannes Frederic Sowa <hannes@stressinduktion.org>
Cc: "Toke Høiland-Jørgensen" <toke@redhat.com>,
Netdev <netdev@vger.kernel.org>,
LKML <linux-kernel@vger.kernel.org>,
"Geert Uytterhoeven" <geert@linux-m68k.org>,
"Herbert Xu" <herbert@gondor.apana.org.au>,
"Ard Biesheuvel" <ardb@kernel.org>,
"Jean-Philippe Aumasson" <jeanphilippe.aumasson@gmail.com>,
"Linux Crypto Mailing List" <linux-crypto@vger.kernel.org>,
"Erik Kline" <ek@google.com>,
"Fernando Gont" <fgont@si6networks.com>,
"Lorenzo Colitti" <lorenzo@google.com>,
"Hideaki Yoshifuji" <hideaki.yoshifuji@miraclelinux.com>
Subject: Re: [PATCH RFC v1 2/3] ipv6: move from sha1 to blake2s in address calculation
Date: Fri, 14 Jan 2022 18:58:09 +0100 [thread overview]
Message-ID: <CAHmME9qy4-qkBAD9fJ6jqHxw2DYtscerZdriMYXw1T4iPD6Y-A@mail.gmail.com> (raw)
In-Reply-To: <3db9c306-ea22-444f-b932-f66f800a7a28@www.fastmail.com>
Hi Hannes,
On Fri, Jan 14, 2022 at 6:44 PM Hannes Frederic Sowa
<hannes@stressinduktion.org> wrote:
> I don't think we can argue our way out of this by stating that there are
> no guarantees anyway, as much as I would like to change the hash
> function as well.
Shucks. Alright then.
> As much as I know about the problems with SHA1 and would like to see it
> removed from the kernel as well, I fear that in this case it seems hard
> to do. I would propose putting sha1 into a compilation unit and
> overwrite the compiler flags to optimize the function optimized for size
> and maybe add another mode or knob to switch the hashing algorithm if
> necessary.
Already on it! :)
https://lore.kernel.org/linux-crypto/20220114154247.99773-3-Jason@zx2c4.com/
> I haven't investigated recent research into breakage of SHA1, I mostly
> remember the chosen-image and collision attacks against it. Given the
> particular usage of SHA1 in this case, do you think switching the
> hashing function increases security?
Considering we're only using 64-bits of SHA-1 output, I don't think
the SHA-1 collision attacks give you that much here. And it seems like
there are other network-level security concerns with the whole scheme
anyway. So it might not be the largest of matters. However...
> I am asking because of the desire
> to decrease the instruction size of the kernel
Indeed this is what I was hoping for.
Jason
next prev parent reply other threads:[~2022-01-14 17:58 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-12 13:12 [PATCH RFC v1 0/3] remove remaining users of SHA-1 Jason A. Donenfeld
2022-01-12 13:12 ` [PATCH RFC v1 1/3] bpf: move from sha1 to blake2s in tag calculation Jason A. Donenfeld
2022-01-12 22:56 ` Toke Høiland-Jørgensen
2022-01-13 1:33 ` Alexei Starovoitov
2022-01-13 12:27 ` Jason A. Donenfeld
2022-01-13 22:45 ` Alexei Starovoitov
2022-01-14 8:33 ` Geert Uytterhoeven
2022-01-14 14:12 ` Jason A. Donenfeld
2022-01-14 15:08 ` Ard Biesheuvel
2022-01-14 15:20 ` Jason A. Donenfeld
2022-01-14 15:36 ` Geert Uytterhoeven
2022-01-14 15:59 ` David Laight
2022-01-14 16:19 ` Alexei Starovoitov
2022-01-14 16:34 ` Jason A. Donenfeld
2022-01-14 23:04 ` Jeffrey Walton
2022-01-12 13:12 ` [PATCH RFC v1 2/3] ipv6: move from sha1 to blake2s in address calculation Jason A. Donenfeld
2022-01-12 15:49 ` Jason A. Donenfeld
2022-01-12 23:05 ` Toke Høiland-Jørgensen
2022-01-12 23:31 ` Jason A. Donenfeld
2022-01-13 11:15 ` Hannes Frederic Sowa
2022-01-13 12:06 ` Ard Biesheuvel
2022-01-13 12:22 ` Jason A. Donenfeld
2022-01-13 12:29 ` Ard Biesheuvel
2022-01-13 13:30 ` Toke Høiland-Jørgensen
2022-01-13 13:40 ` Ard Biesheuvel
2022-01-13 13:45 ` Jason A. Donenfeld
2022-01-13 13:50 ` Ard Biesheuvel
2022-01-13 13:54 ` Jason A. Donenfeld
2022-01-13 16:18 ` Toke Høiland-Jørgensen
2022-01-14 16:07 ` Jason A. Donenfeld
2022-01-14 16:57 ` Toke Høiland-Jørgensen
2022-01-14 17:41 ` Hannes Frederic Sowa
2022-01-14 17:58 ` Jason A. Donenfeld [this message]
2022-01-12 13:12 ` [PATCH RFC v1 3/3] crypto: sha1_generic - import lib/sha1.c locally Jason A. Donenfeld
2022-01-12 18:50 ` [PATCH RFC v1 0/3] remove remaining users of SHA-1 David Sterba
2022-01-12 18:57 ` Jason A. Donenfeld
2022-01-13 3:24 ` Sandy Harris
2022-01-13 8:08 ` Ard Biesheuvel
2022-01-13 17:28 ` Theodore Ts'o
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAHmME9qy4-qkBAD9fJ6jqHxw2DYtscerZdriMYXw1T4iPD6Y-A@mail.gmail.com \
--to=jason@zx2c4.com \
--cc=ardb@kernel.org \
--cc=ek@google.com \
--cc=fgont@si6networks.com \
--cc=geert@linux-m68k.org \
--cc=hannes@stressinduktion.org \
--cc=herbert@gondor.apana.org.au \
--cc=hideaki.yoshifuji@miraclelinux.com \
--cc=jeanphilippe.aumasson@gmail.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lorenzo@google.com \
--cc=netdev@vger.kernel.org \
--cc=toke@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.