From: Alexei Starovoitov <alexei.starovoitov@gmail.com>
To: "Toke Høiland-Jørgensen" <toke@redhat.com>
Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>,
Network Development <netdev@vger.kernel.org>,
LKML <linux-kernel@vger.kernel.org>,
Geert Uytterhoeven <geert@linux-m68k.org>,
Herbert Xu <herbert@gondor.apana.org.au>,
Ard Biesheuvel <ardb@kernel.org>,
Jean-Philippe Aumasson <jeanphilippe.aumasson@gmail.com>,
Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
bpf <bpf@vger.kernel.org>
Subject: Re: [PATCH RFC v1 1/3] bpf: move from sha1 to blake2s in tag calculation
Date: Wed, 12 Jan 2022 17:33:44 -0800 [thread overview]
Message-ID: <CAADnVQJqoHy+EQ-G5fUtkPpeHaA6YnqsOjjhUY6UW0v7eKSTZw@mail.gmail.com> (raw)
In-Reply-To: <87tue8ftrm.fsf@toke.dk>
On Wed, Jan 12, 2022 at 5:14 PM Toke Høiland-Jørgensen <toke@redhat.com> wrote:
>
> [ adding the bpf list - please make sure to include that when sending
> BPF-related patches, not everyone in BPF land follows netdev ]
>
> "Jason A. Donenfeld" <Jason@zx2c4.com> writes:
>
> > BLAKE2s is faster and more secure. SHA-1 has been broken for a long time
> > now. This also removes quite a bit of code, and lets us potentially
> > remove sha1 from lib, which would further reduce vmlinux size.
>
> AFAIU, the BPF tag is just used as an opaque (i.e., arbitrary) unique
> identifier for BPF programs, without any guarantees of stability. Which
> means changing it should be fine; at most we'd confuse some operators
> who have memorised the tags of their BPF programs :)
>
> The only other concern I could see would be if it somehow locked us into
> that particular algorithm for other future use cases for computing
> hashes of BPF programs (say, signing if that ends up being the direction
> we go in). But obviously SHA1 would not be a good fit for that anyway,
> so the algorithm choice would have to be part of that discussion in any
> case.
>
> So all in all, I don't see any issues with making this change for BPF.
Nack.
It's part of api. We cannot change it.
next prev parent reply other threads:[~2022-01-13 1:33 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20220112131204.800307-1-Jason@zx2c4.com>
[not found] ` <20220112131204.800307-2-Jason@zx2c4.com>
2022-01-12 22:56 ` [PATCH RFC v1 1/3] bpf: move from sha1 to blake2s in tag calculation Toke Høiland-Jørgensen
2022-01-13 1:33 ` Alexei Starovoitov [this message]
2022-01-13 12:27 ` Jason A. Donenfeld
2022-01-13 22:45 ` Alexei Starovoitov
2022-01-14 8:33 ` Geert Uytterhoeven
2022-01-14 14:12 ` Jason A. Donenfeld
2022-01-14 15:08 ` Ard Biesheuvel
2022-01-14 15:20 ` Jason A. Donenfeld
2022-01-14 15:36 ` Geert Uytterhoeven
2022-01-14 15:59 ` David Laight
2022-01-14 16:19 ` Alexei Starovoitov
2022-01-14 16:34 ` Jason A. Donenfeld
2022-01-14 23:04 ` Jeffrey Walton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAADnVQJqoHy+EQ-G5fUtkPpeHaA6YnqsOjjhUY6UW0v7eKSTZw@mail.gmail.com \
--to=alexei.starovoitov@gmail.com \
--cc=Jason@zx2c4.com \
--cc=ardb@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=geert@linux-m68k.org \
--cc=herbert@gondor.apana.org.au \
--cc=jeanphilippe.aumasson@gmail.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=toke@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).