From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: Tom Herbert <tom@herbertland.com>
Cc: Netdev <netdev@vger.kernel.org>,
kernel-hardening@lists.openwall.com,
LKML <linux-kernel@vger.kernel.org>,
Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
Jean-Philippe Aumasson <jeanphilippe.aumasson@gmail.com>,
"Daniel J . Bernstein" <djb@cr.yp.to>,
Linus Torvalds <torvalds@linux-foundation.org>,
Eric Biggers <ebiggers3@gmail.com>,
David Laight <David.Laight@aculab.com>
Subject: Re: [PATCH v3 1/3] siphash: add cryptographically secure hashtable function
Date: Wed, 14 Dec 2016 23:56:41 +0100 [thread overview]
Message-ID: <CAHmME9rpvf4tyDjZcJAJxMAW1LcqNm7DiquiYX0uQhRzDLbwqw@mail.gmail.com> (raw)
In-Reply-To: <CALx6S35VBjw42G6rHPrNfVaBfLMz3YZVjs3D3hBG=4gp5+g5tA@mail.gmail.com>
Hey Tom,
On Wed, Dec 14, 2016 at 10:35 PM, Tom Herbert <tom@herbertland.com> wrote:
> Those look good, although I would probably just do 1,2,3 words and
> then have a function that takes n words like jhash. Might want to call
> these dword to distinguish from 32 bit words in jhash.
So actually jhash_Nwords makes no sense, since it takes dwords
(32-bits) not words (16-bits). The siphash analog should be called
siphash24_Nqwords.
I think what I'll do is change what I already have to:
siphash24_1qword
siphash24_2qword
siphash24_3qword
siphash24_4qword
And then add some static inline helpers to assist with smaller u32s
like ipv4 addresses called:
siphash24_2dword
siphash24_4dword
siphash24_6dword
siphash24_8dword
While we're having something new, might as well call it the right thing.
> Also, what is the significance of "24" in the function and constant
> names? Can we just drop that and call this siphash?
SipHash is actually a family of PRFs, differentiated by the number of
SIPROUNDs after each 64-bit input is processed and the number of
SIPROUNDs at the very end of the function. The best trade-off of speed
and security for kernel usage is 2 rounds after each 64-bit input and
4 rounds at the end of the function. This doesn't fall to any known
cryptanalysis and it's very fast.
next prev parent reply other threads:[~2016-12-14 22:56 UTC|newest]
Thread overview: 70+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-12-14 3:59 [PATCH v2 1/4] siphash: add cryptographically secure hashtable function Jason A. Donenfeld
2016-12-14 3:59 ` [PATCH v2 2/4] siphash: add convenience functions for jhash converts Jason A. Donenfeld
2016-12-14 3:59 ` [PATCH v2 3/4] secure_seq: use siphash24 instead of md5_transform Jason A. Donenfeld
2016-12-14 12:53 ` Jason A. Donenfeld
2016-12-14 13:16 ` Hannes Frederic Sowa
2016-12-14 13:44 ` Jason A. Donenfeld
2016-12-14 14:47 ` David Laight
2016-12-14 17:49 ` Jason A. Donenfeld
2016-12-14 17:56 ` David Miller
2016-12-14 18:06 ` Jason A. Donenfeld
2016-12-14 19:22 ` Hannes Frederic Sowa
2016-12-14 19:38 ` Jason A. Donenfeld
2016-12-14 20:27 ` Hannes Frederic Sowa
2016-12-14 20:12 ` Tom Herbert
2016-12-14 21:01 ` Jason A. Donenfeld
2016-12-14 3:59 ` [PATCH v2 4/4] random: use siphash24 instead of md5 for get_random_int/long Jason A. Donenfeld
2016-12-14 11:21 ` [PATCH v2 1/4] siphash: add cryptographically secure hashtable function Hannes Frederic Sowa
2016-12-14 13:10 ` Jason A. Donenfeld
2016-12-14 15:09 ` Hannes Frederic Sowa
2016-12-14 19:47 ` Jason A. Donenfeld
2016-12-15 7:57 ` Herbert Xu
2016-12-15 8:15 ` [kernel-hardening] " Daniel Micay
2016-12-14 12:46 ` Jason A. Donenfeld
2016-12-14 22:03 ` Hannes Frederic Sowa
2016-12-14 23:29 ` Jason A. Donenfeld
2016-12-15 8:31 ` Hannes Frederic Sowa
2016-12-15 11:04 ` David Laight
2016-12-15 12:23 ` Hannes Frederic Sowa
2016-12-15 12:28 ` David Laight
2016-12-15 12:50 ` Hannes Frederic Sowa
2016-12-15 13:56 ` David Laight
2016-12-15 14:56 ` Hannes Frederic Sowa
2016-12-15 15:41 ` David Laight
2016-12-15 15:53 ` Hannes Frederic Sowa
2016-12-15 18:50 ` Jason A. Donenfeld
2016-12-15 20:31 ` Hannes Frederic Sowa
2016-12-15 20:43 ` Jason A. Donenfeld
2016-12-15 21:04 ` Peter Zijlstra
2016-12-15 21:09 ` Hannes Frederic Sowa
2016-12-15 21:17 ` Hannes Frederic Sowa
2016-12-15 21:09 ` Peter Zijlstra
2016-12-15 21:11 ` [kernel-hardening] " Jason A. Donenfeld
2016-12-15 21:14 ` Linus Torvalds
2016-12-14 18:46 ` [PATCH v3 1/3] " Jason A. Donenfeld
2016-12-14 18:46 ` [PATCH v3 2/3] secure_seq: use siphash24 instead of md5_transform Jason A. Donenfeld
2016-12-14 21:44 ` kbuild test robot
2016-12-14 18:46 ` [PATCH v3 3/3] random: use siphash24 instead of md5 for get_random_int/long Jason A. Donenfeld
2016-12-14 21:56 ` kbuild test robot
2016-12-14 21:57 ` kbuild test robot
2016-12-15 10:14 ` David Laight
2016-12-15 18:51 ` Jason A. Donenfeld
2016-12-14 19:18 ` [PATCH v3 1/3] siphash: add cryptographically secure hashtable function Tom Herbert
2016-12-14 19:35 ` Jason A. Donenfeld
2016-12-14 20:55 ` Jason A. Donenfeld
2016-12-14 21:35 ` Tom Herbert
2016-12-14 22:56 ` Jason A. Donenfeld [this message]
2016-12-14 23:14 ` Tom Herbert
2016-12-14 23:17 ` Jason A. Donenfeld
2016-12-18 0:06 ` Christian Kujau
2016-12-14 23:30 ` Linus Torvalds
2016-12-14 23:34 ` Jason A. Donenfeld
2016-12-15 0:10 ` Linus Torvalds
2016-12-15 10:22 ` David Laight
2016-12-14 21:15 ` kbuild test robot
2016-12-14 21:21 ` Jason A. Donenfeld
2016-12-15 1:46 ` [PATCH v4 1/4] " Jason A. Donenfeld
2016-12-15 1:46 ` [PATCH v4 2/4] siphash: add N[qd]word helpers Jason A. Donenfeld
2016-12-15 1:46 ` [PATCH v4 3/4] secure_seq: use siphash instead of md5_transform Jason A. Donenfeld
2016-12-15 1:46 ` [PATCH v4 4/4] random: use siphash instead of MD5 for get_random_int/long Jason A. Donenfeld
2016-12-15 4:23 ` [PATCH v4 1/4] siphash: add cryptographically secure hashtable function kbuild test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAHmME9rpvf4tyDjZcJAJxMAW1LcqNm7DiquiYX0uQhRzDLbwqw@mail.gmail.com \
--to=jason@zx2c4.com \
--cc=David.Laight@aculab.com \
--cc=djb@cr.yp.to \
--cc=ebiggers3@gmail.com \
--cc=jeanphilippe.aumasson@gmail.com \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=tom@herbertland.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).