Re: [kernel-hardening] Re: [PATCH v5 1/4] siphash: add cryptographically secure PRF

From: Hannes Frederic Sowa
Date: Fri Dec 16 2016 - 16:15:36 EST

Next message: Dan Carpenter: "Re: [patch] orangefs: cleanup orangefs_debugfs_new_client_string()"
Previous message: Heiko Stuebner: "thermal zones break with patch "Reimplement IDR and IDA using the radix tree" (mainline+next)"
In reply to: Jason A. Donenfeld: "Re: [kernel-hardening] Re: [PATCH v5 1/4] siphash: add cryptographically secure PRF"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Dec 16, 2016, at 22:01, Jason A. Donenfeld wrote:
> Yes, on x86-64. But on i386 chacha20 incurs nearly the same kind of
> slowdown as siphash, so I expect the comparison to be more or less
> equal. There's another thing I really didn't like about your chacha20
> approach which is that it uses the /dev/urandom pool, which means
> various things need to kick in in the background to refill this.
> Additionally, having to refill the buffered chacha output every 32 or
> so longs isn't nice. These things together make for inconsistent and
> hard to understand general operating system performance, because
> get_random_long is called at every process startup for ASLR. So, in
> the end, I believe there's another reason for going with the siphash
> approach: deterministic performance.

*Hust*, so from where do you generate your key for siphash if called
early from ASLR?

Bye,
Hannes

Next message: Dan Carpenter: "Re: [patch] orangefs: cleanup orangefs_debugfs_new_client_string()"
Previous message: Heiko Stuebner: "thermal zones break with patch "Reimplement IDR and IDA using the radix tree" (mainline+next)"
In reply to: Jason A. Donenfeld: "Re: [kernel-hardening] Re: [PATCH v5 1/4] siphash: add cryptographically secure PRF"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]