From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Jason A. Donenfeld" Subject: Re: [PATCH v5 1/4] siphash: add cryptographically secure PRF Date: Fri, 16 Dec 2016 18:09:26 +0100 Message-ID: References: <20161215232840.22459.qmail@ns.sciencehorizons.net> <063D6719AE5E284EB5DD2968C1650D6DB0241238@AcuExch.aculab.com> Reply-To: kernel-hardening@lists.openwall.com Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Cc: George Spelvin , "ak@linux.intel.com" , "davem@davemloft.net" , "ebiggers3@gmail.com" , "hannes@stressinduktion.org" , "jeanphilippe.aumasson@gmail.com" , "kernel-hardening@lists.openwall.com" , "linux-crypto@vger.kernel.org" , "linux-kernel@vger.kernel.org" , "luto@amacapital.net" , "netdev@vger.kernel.org" , "tom@herbertland.com" , "torvalds@linux-foundation.org" , "tytso@mit.edu" , "vegard.nossum@gmail.com" , "djb@cr.yp.to" To: David Laight Return-path: List-Post: List-Help: List-Unsubscribe: List-Subscribe: In-Reply-To: <063D6719AE5E284EB5DD2968C1650D6DB0241238@AcuExch.aculab.com> List-Id: linux-crypto.vger.kernel.org Hi David, On Fri, Dec 16, 2016 at 6:06 PM, David Laight wrote: > A 32bit hash would also remove all the issues about the alignment > of IP addresses (etc) on 64bit systems. The current replacements of md5_transform with siphash in the v6 patch series will continue to use the original siphash, since the 128-bit key is rather important for these kinds of secrets. Additionally, 64-bit siphash is already faster than the md5_transform that it replaces. So the alignment concerns (now, non-issues; problems have been solved, I believe) still remain. Jason From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756206AbcLPRJs (ORCPT ); Fri, 16 Dec 2016 12:09:48 -0500 Received: from frisell.zx2c4.com ([192.95.5.64]:45928 "EHLO frisell.zx2c4.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752922AbcLPRJd (ORCPT ); Fri, 16 Dec 2016 12:09:33 -0500 MIME-Version: 1.0 In-Reply-To: <063D6719AE5E284EB5DD2968C1650D6DB0241238@AcuExch.aculab.com> References: <20161215232840.22459.qmail@ns.sciencehorizons.net> <063D6719AE5E284EB5DD2968C1650D6DB0241238@AcuExch.aculab.com> From: "Jason A. Donenfeld" Date: Fri, 16 Dec 2016 18:09:26 +0100 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v5 1/4] siphash: add cryptographically secure PRF To: David Laight Cc: George Spelvin , "ak@linux.intel.com" , "davem@davemloft.net" , "ebiggers3@gmail.com" , "hannes@stressinduktion.org" , "jeanphilippe.aumasson@gmail.com" , "kernel-hardening@lists.openwall.com" , "linux-crypto@vger.kernel.org" , "linux-kernel@vger.kernel.org" , "luto@amacapital.net" , "netdev@vger.kernel.org" , "tom@herbertland.com" , "torvalds@linux-foundation.org" , "tytso@mit.edu" , "vegard.nossum@gmail.com" , "djb@cr.yp.to" Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi David, On Fri, Dec 16, 2016 at 6:06 PM, David Laight wrote: > A 32bit hash would also remove all the issues about the alignment > of IP addresses (etc) on 64bit systems. The current replacements of md5_transform with siphash in the v6 patch series will continue to use the original siphash, since the 128-bit key is rather important for these kinds of secrets. Additionally, 64-bit siphash is already faster than the md5_transform that it replaces. So the alignment concerns (now, non-issues; problems have been solved, I believe) still remain. Jason From mboxrd@z Thu Jan 1 00:00:00 1970 Reply-To: kernel-hardening@lists.openwall.com MIME-Version: 1.0 In-Reply-To: <063D6719AE5E284EB5DD2968C1650D6DB0241238@AcuExch.aculab.com> References: <20161215232840.22459.qmail@ns.sciencehorizons.net> <063D6719AE5E284EB5DD2968C1650D6DB0241238@AcuExch.aculab.com> From: "Jason A. Donenfeld" Date: Fri, 16 Dec 2016 18:09:26 +0100 Message-ID: Content-Type: text/plain; charset=UTF-8 Subject: [kernel-hardening] Re: [PATCH v5 1/4] siphash: add cryptographically secure PRF To: David Laight Cc: George Spelvin , "ak@linux.intel.com" , "davem@davemloft.net" , "ebiggers3@gmail.com" , "hannes@stressinduktion.org" , "jeanphilippe.aumasson@gmail.com" , "kernel-hardening@lists.openwall.com" , "linux-crypto@vger.kernel.org" , "linux-kernel@vger.kernel.org" , "luto@amacapital.net" , "netdev@vger.kernel.org" , "tom@herbertland.com" , "torvalds@linux-foundation.org" , "tytso@mit.edu" , "vegard.nossum@gmail.com" , "djb@cr.yp.to" List-ID: Hi David, On Fri, Dec 16, 2016 at 6:06 PM, David Laight wrote: > A 32bit hash would also remove all the issues about the alignment > of IP addresses (etc) on 64bit systems. The current replacements of md5_transform with siphash in the v6 patch series will continue to use the original siphash, since the 128-bit key is rather important for these kinds of secrets. Additionally, 64-bit siphash is already faster than the md5_transform that it replaces. So the alignment concerns (now, non-issues; problems have been solved, I believe) still remain. Jason