Date: Fri, 14 Jan 2022 16:20:33 +0100
From: "Jason A. Donenfeld" <Jason@...c4.com>
To: Ard Biesheuvel <ardb@...nel.org>
Cc: Alexei Starovoitov <alexei.starovoitov@...il.com>,
    Toke Høiland-Jørgensen <toke@...hat.com>,
    Network Development <netdev@...r.kernel.org>,
    LKML <linux-kernel@...r.kernel.org>,
    Geert Uytterhoeven <geert@...ux-m68k.org>,
    Herbert Xu <herbert@...dor.apana.org.au>,
    Jean-Philippe Aumasson <jeanphilippe.aumasson@...il.com>,
    Linux Crypto Mailing List <linux-crypto@...r.kernel.org>,
    bpf <bpf@...r.kernel.org>
Subject: Re: [PATCH RFC v1 1/3] bpf: move from sha1 to blake2s in tag calculation

On Fri, Jan 14, 2022 at 4:08 PM Ard Biesheuvel <ardb@...nel.org> wrote:
> Yeah, so the issue is that, at *some* point, SHA-1 is going to have to
> go. So it would be helpful if Alexei could clarify *why* he doesn't
> see this as a problem. The fact that it is broken means that it is no
> longer intractable to forge collisions, which likely means that SHA-1
> no longer fulfills the task that you wanted it to do in the first
> place.

I think the reason that Alexei doesn't think that the SHA-1 choice
really matters is because the result is being truncated to 64-bits, so
collisions are easy anyway, regardless of which hash function is
chosen (birthday bound and all). But from Geert's perspective, that
SHA-1 is still taking up precious bytes in m68k builds. And from my
perspective, it's poor form and clutters vmlinux, and plus, now I'm
curious about why this isn't using a more appropriately sized tag in
the first place.

On Fri, Jan 14, 2022 at 3:12 PM Jason A. Donenfeld <Jason@...c4.com> wrote:
> "checksum" -- the thing is only 64-bits, and as you told Andy Polyakov

Whoops, meant Lutomirski here. x86 Andy, not crypto Andy :)
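
The birthday-bound point in the message above, shown as an added example (not code from the thread or from the kernel): once a digest is truncated, collision cost depends on the tag width and not on whether SHA-1 or BLAKE2s produced it. The 32-bit search width, the counter-style inputs and the function names are assumptions chosen so the search finishes in seconds; the tag under discussion is 64 bits.

```python
import hashlib
import math


def truncated_tag(algo: str, data: bytes, bits: int) -> int:
    """Hash `data` with hashlib's `algo` and keep only the leading `bits` bits."""
    digest = getattr(hashlib, algo)(data).digest()
    return int.from_bytes(digest, "big") >> (len(digest) * 8 - bits)


def expected_birthday_work(bits: int) -> float:
    """Approximate hashes needed for a 50%+ collision chance: sqrt(pi/2 * 2^bits)."""
    return math.sqrt(math.pi / 2 * 2.0 ** bits)


def find_collision(algo: str, bits: int, limit: int = 2_000_000):
    """Birthday search over constructed counter inputs.

    Returns (msg_a, msg_b, attempts) for two distinct inputs whose truncated
    tags match, or None if `limit` inputs were hashed without a match.
    """
    seen = {}  # truncated tag -> first input that produced it
    for i in range(limit):
        msg = b"constructed-input-%d" % i  # sample data, constructed here
        tag = truncated_tag(algo, msg, bits)
        if tag in seen:
            return seen[tag], msg, i + 1
        seen[tag] = msg
    return None


if __name__ == "__main__":
    width = 32  # assumption: reduced from 64 bits so the demo runs quickly
    for algo in ("sha1", "blake2s"):
        result = find_collision(algo, width)
        if result is None:
            print(f"{algo}: no {width}-bit collision within the limit")
            continue
        a, b, attempts = result
        print(f"{algo}: {width}-bit tag collided after {attempts} hashes "
              f"(estimate {expected_birthday_work(width):.0f})")
        print(f"  {a!r} and {b!r} -> {truncated_tag(algo, a, width):08x}")
    # The same estimate for the 64-bit width discussed in the thread.
    print(f"64-bit tag estimate: about 2^{math.log2(expected_birthday_work(64)):.1f} hashes")
```

Both hash functions collide after a similar number of attempts at the same width, which is why only a wider tag changes the picture.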