[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAHmME9r4YNqNSZ-KXAHtJN_vm+eL1tSoC-6muHaFUN6fWhkO2g@mail.gmail.com>
Date: Sat, 17 Dec 2016 02:39:50 +0100
From: "Jason A. Donenfeld" <Jason@...c4.com>
To: George Spelvin <linux@...encehorizons.net>
Cc: Andi Kleen <ak@...ux.intel.com>,
David Miller <davem@...emloft.net>,
David Laight <David.Laight@...lab.com>,
"Daniel J . Bernstein" <djb@...yp.to>,
Eric Biggers <ebiggers3@...il.com>,
Hannes Frederic Sowa <hannes@...essinduktion.org>,
Jean-Philippe Aumasson <jeanphilippe.aumasson@...il.com>,
kernel-hardening@...ts.openwall.com,
Linux Crypto Mailing List <linux-crypto@...r.kernel.org>,
LKML <linux-kernel@...r.kernel.org>,
Andy Lutomirski <luto@...capital.net>,
Netdev <netdev@...r.kernel.org>,
Tom Herbert <tom@...bertland.com>,
Linus Torvalds <torvalds@...ux-foundation.org>,
"Theodore Ts'o" <tytso@....edu>,
Vegard Nossum <vegard.nossum@...il.com>
Subject: Re: [PATCH v5 1/4] siphash: add cryptographically secure PRF
On Sat, Dec 17, 2016 at 12:44 AM, George Spelvin
<linux@...encehorizons.net> wrote:
> Ths advice I'd give now is:
> - Implement
> unsigned long hsiphash(const void *data, size_t len, const unsigned long key[2])
> .. as SipHash on 64-bit (maybe SipHash-1-3, still being discussed) and
> HalfSipHash on 32-bit.
I already did this. Check my branch.
> - Document when it may or may not be used carefully.
Good idea. I'll write up some extensive documentation about all of
this, detailing use cases and our various conclusions.
> - #define get_random_int (unsigned)get_random_long
That's a good idea, since ultimately the other just casts in the
return value. I wonder if this could also lead to a similar aliasing
with arch_get_random_int, since I'm pretty sure all rdrand-like
instructions return native word size anyway.
> - Ted, Andy Lutorminski and I will try to figure out a construction of
> get_random_long() that we all like.
And me, I hope... No need to make this exclusive.
Jason
Powered by blists - more mailing lists