linux-crypto.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Jean-Philippe Aumasson <jeanphilippe.aumasson@gmail.com>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>, noloader@gmail.com
Cc: Netdev <netdev@vger.kernel.org>,
	kernel-hardening@lists.openwall.com,
	LKML <linux-kernel@vger.kernel.org>,
	Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
	David Laight <David.Laight@aculab.com>, Ted Tso <tytso@mit.edu>,
	Hannes Frederic Sowa <hannes@stressinduktion.org>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Eric Biggers <ebiggers3@gmail.com>,
	Tom Herbert <tom@herbertland.com>,
	George Spelvin <linux@sciencehorizons.net>,
	Vegard Nossum <vegard.nossum@gmail.com>,
	Andi Kleen <ak@linux.intel.com>,
	David Miller <davem@davemloft.net>,
	Andy Lutomirski <luto@amacapital.net>,
	"Daniel J . Bernstein" <djb@cr.yp.to>
Subject: Re: [PATCH v5 1/4] siphash: add cryptographically secure PRF
Date: Mon, 19 Dec 2016 17:19:16 +0000	[thread overview]
Message-ID: <CAGiyFdf9vV+WikAsxG0m9UkGC1ggjJjkwGWzYwvxxNNeangwBg@mail.gmail.com> (raw)
In-Reply-To: <CAHmME9o6CFuQJEp3QJgkh78r5Z2F8NJnpTCCFUiSnAiJxPGCJQ@mail.gmail.com>

[-- Attachment #1: Type: text/plain, Size: 1388 bytes --]

Yeah you can use the PRF properties to build a DRBG, but that may not be
optimal in terms of performance.
On Mon, 19 Dec 2016 at 18:08, Jason A. Donenfeld <Jason@zx2c4.com> wrote:

> On Sat, Dec 17, 2016 at 3:55 PM, Jeffrey Walton <noloader@gmail.com>
> wrote:
> > It may be prudent to include the endian reversal in the test to ensure
> > big endian machines produce expected results. Some closely related
> > testing on an old Apple PowerMac G5 revealed that result needed to be
> > reversed before returning it to a caller.
>
> The function [1] returns a u64. Originally I had it returning a
> __le64, but that was considered unnecessary by many prior reviewers on
> the list. It returns an integer. If you want uniform bytes out of it,
> then use the endian conversion function, the same as you would do with
> any other type of integer.
>
> Additionally, this function is *not* meant for af_alg or any of the
> crypto/* code. It's very unlikely to find a use there.
>
>
> > Forgive my ignorance... I did not find reading on using the primitive
> > in a PRNG. Does anyone know what Aumasson or Bernstein have to say?
> > Aumasson's site does not seem to discuss the use case:
>
> He's on this thread so I suppose he can speak up for himself. But in
> my conversations with him, the primary take-away was, "seems okay to
> me!". But please -- JP - correct me if I've misinterpreted.
>

[-- Attachment #2: Type: text/html, Size: 2216 bytes --]

  reply	other threads:[~2016-12-19 17:19 UTC|newest]

Thread overview: 92+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-12-15 20:29 [PATCH v5 0/4] The SipHash Patchset Jason A. Donenfeld
2016-12-15 20:30 ` [PATCH v5 1/4] siphash: add cryptographically secure PRF Jason A. Donenfeld
2016-12-15 22:42   ` George Spelvin
2016-12-15 23:00     ` Jean-Philippe Aumasson
2016-12-15 23:28       ` George Spelvin
2016-12-16 17:06         ` David Laight
2016-12-16 17:09           ` Jason A. Donenfeld
2016-12-16  3:46       ` George Spelvin
2016-12-16  8:08         ` Jean-Philippe Aumasson
2016-12-16 12:39           ` Jason A. Donenfeld
2016-12-16 13:22             ` Jean-Philippe Aumasson
2016-12-16 15:51               ` Jason A. Donenfeld
2016-12-16 17:36                 ` George Spelvin
2016-12-16 18:00                   ` Jason A. Donenfeld
2016-12-16 20:17                     ` George Spelvin
2016-12-16 20:43                       ` Theodore Ts'o
2016-12-16 22:13                         ` George Spelvin
2016-12-16 22:15                           ` Andy Lutomirski
2016-12-16 22:18                           ` Jason A. Donenfeld
2016-12-16 23:44                             ` George Spelvin
2016-12-17  1:39                               ` Jason A. Donenfeld
2016-12-17  2:15                                 ` George Spelvin
2016-12-17 15:41                                   ` Theodore Ts'o
2016-12-17 16:14                                     ` Jeffrey Walton
2016-12-19 17:21                                     ` [kernel-hardening] " Jason A. Donenfeld
2016-12-17 12:42                 ` George Spelvin
2016-12-16 20:39               ` Jason A. Donenfeld
2016-12-16 19:47             ` Tom Herbert
2016-12-16 20:41               ` George Spelvin
2016-12-16 20:57                 ` Tom Herbert
2016-12-16 20:44               ` Daniel Micay
2016-12-16 21:09                 ` [kernel-hardening] " Jason A. Donenfeld
2016-12-17 15:21               ` George Spelvin
2016-12-19 14:14                 ` David Laight
2016-12-19 18:10                   ` George Spelvin
2016-12-19 20:18                     ` Jean-Philippe Aumasson
2016-12-16  2:14   ` kbuild test robot
2016-12-17 14:55   ` Jeffrey Walton
2016-12-19 17:08     ` Jason A. Donenfeld
2016-12-19 17:19       ` Jean-Philippe Aumasson [this message]
2016-12-15 20:30 ` [PATCH v5 2/4] siphash: add Nu{32,64} helpers Jason A. Donenfeld
2016-12-16 10:39   ` David Laight
2016-12-16 15:44     ` George Spelvin
2016-12-15 20:30 ` [PATCH v5 3/4] secure_seq: use SipHash in place of MD5 Jason A. Donenfeld
2016-12-16  9:59   ` David Laight
2016-12-16 15:57     ` Jason A. Donenfeld
2016-12-15 20:30 ` [PATCH v5 4/4] random: " Jason A. Donenfeld
2016-12-16  3:03 ` [PATCH v6 0/5] The SipHash Patchset Jason A. Donenfeld
2016-12-16  3:03   ` [PATCH v6 1/5] siphash: add cryptographically secure PRF Jason A. Donenfeld
2016-12-16  3:03   ` [PATCH v6 2/5] secure_seq: use SipHash in place of MD5 Jason A. Donenfeld
2016-12-16  3:03   ` [PATCH v6 3/5] random: " Jason A. Donenfeld
2016-12-16 21:31     ` Andy Lutomirski
2016-12-16  3:03   ` [PATCH v6 4/5] md5: remove from lib and only live in crypto Jason A. Donenfeld
2016-12-16  3:03   ` [PATCH v6 5/5] syncookies: use SipHash in place of SHA1 Jason A. Donenfeld
2016-12-21 23:02   ` [PATCH v7 0/6] The SipHash Patchset Jason A. Donenfeld
2016-12-21 23:02     ` [PATCH v7 1/6] siphash: add cryptographically secure PRF Jason A. Donenfeld
2016-12-22  1:40       ` Stephen Hemminger
2016-12-21 23:02     ` [PATCH v7 2/6] secure_seq: use SipHash in place of MD5 Jason A. Donenfeld
2016-12-21 23:02     ` [PATCH v7 3/6] random: " Jason A. Donenfeld
2016-12-21 23:13       ` Jason A. Donenfeld
2016-12-21 23:42       ` Andy Lutomirski
2016-12-22  2:07         ` Hannes Frederic Sowa
2016-12-22  2:09           ` Andy Lutomirski
2016-12-22  2:49           ` Jason A. Donenfeld
2016-12-22  3:12             ` Jason A. Donenfeld
2016-12-22  5:41             ` Theodore Ts'o
2016-12-22  6:03               ` [kernel-hardening] " Jason A. Donenfeld
2016-12-22 15:58                 ` Theodore Ts'o
2016-12-22 16:16                   ` Jason A. Donenfeld
2016-12-22 16:30                     ` [kernel-hardening] " Theodore Ts'o
2016-12-22 16:36                       ` Jason A. Donenfeld
2016-12-22 12:47               ` Hannes Frederic Sowa
2016-12-22 13:10                 ` [kernel-hardening] " Jason A. Donenfeld
2016-12-22 15:05                   ` Hannes Frederic Sowa
2016-12-22 15:12                     ` Jason A. Donenfeld
2016-12-22 15:29                       ` Jason A. Donenfeld
2016-12-22 15:33                         ` Hannes Frederic Sowa
2016-12-22 15:41                           ` [kernel-hardening] " Jason A. Donenfeld
2016-12-22 15:51                             ` Hannes Frederic Sowa
2016-12-22 15:53                               ` [kernel-hardening] " Jason A. Donenfeld
2016-12-22 15:54                   ` Theodore Ts'o
2016-12-22 18:08                     ` [kernel-hardening] " Hannes Frederic Sowa
2016-12-22 18:13                       ` Jason A. Donenfeld
2016-12-22 19:50                       ` [kernel-hardening] " Theodore Ts'o
2016-12-22  2:31         ` Jason A. Donenfeld
2016-12-21 23:02     ` [PATCH v7 4/6] md5: remove from lib and only live in crypto Jason A. Donenfeld
2016-12-21 23:02     ` [PATCH v7 5/6] syncookies: use SipHash in place of SHA1 Jason A. Donenfeld
2016-12-21 23:02     ` [PATCH v7 6/6] siphash: implement HalfSipHash1-3 for hash tables Jason A. Donenfeld
2016-12-22  0:46       ` Andi Kleen
2016-12-16 20:43 [PATCH v5 1/4] siphash: add cryptographically secure PRF Jason A. Donenfeld
2016-12-16 20:49 Jason A. Donenfeld
2016-12-16 21:25 ` George Spelvin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAGiyFdf9vV+WikAsxG0m9UkGC1ggjJjkwGWzYwvxxNNeangwBg@mail.gmail.com \
    --to=jeanphilippe.aumasson@gmail.com \
    --cc=David.Laight@aculab.com \
    --cc=Jason@zx2c4.com \
    --cc=ak@linux.intel.com \
    --cc=davem@davemloft.net \
    --cc=djb@cr.yp.to \
    --cc=ebiggers3@gmail.com \
    --cc=hannes@stressinduktion.org \
    --cc=kernel-hardening@lists.openwall.com \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux@sciencehorizons.net \
    --cc=luto@amacapital.net \
    --cc=netdev@vger.kernel.org \
    --cc=noloader@gmail.com \
    --cc=tom@herbertland.com \
    --cc=torvalds@linux-foundation.org \
    --cc=tytso@mit.edu \
    --cc=vegard.nossum@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).