From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932314AbcLLXEe (ORCPT ); Mon, 12 Dec 2016 18:04:34 -0500 Received: from frisell.zx2c4.com ([192.95.5.64]:50109 "EHLO frisell.zx2c4.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751845AbcLLXEd (ORCPT ); Mon, 12 Dec 2016 18:04:33 -0500 MIME-Version: 1.0 From: "Jason A. Donenfeld" Date: Tue, 13 Dec 2016 00:04:27 +0100 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v3] siphash: add cryptographically secure hashtable function To: Andi Kleen Cc: Linus Torvalds , "kernel-hardening@lists.openwall.com" , LKML , Linux Crypto Mailing List , George Spelvin , Scott Bauer , Andy Lutomirski , Greg KH , Eric Biggers , Jean-Philippe Aumasson , "Daniel J . Bernstein" Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Dec 13, 2016 at 12:01 AM, Andi Kleen wrote: > It would be nice if the network code could be converted to use siphash > for the secure sequence numbers. Right now it pulls in a lot of code > for bigger secure hashes just for that, which is a problem for tiny > kernels. Indeed this would be a great first candidate. There are lots of places where MD5 (!!) is pulled in for this sort of thing, when SipHash could be a faster and leaner replacement (and arguably more secure than rusty MD5).