Re: [PATCH v6 3/5] random: use SipHash in place of MD5

From: Jason A. Donenfeld
Date: Fri Dec 16 2016 - 17:24:11 EST

Next message: Andy Shevchenko: "Re: [PATCH v6 1/3] clk: x86: Add Atom PMC platform clocks"
Previous message: Kees Cook: "Re: [PATCH] latent_entropy: fix ARM build error on earlier gcc"
In reply to: Andy Lutomirski: "Re: [PATCH v6 3/5] random: use SipHash in place of MD5"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Andy,

> Agreed. A simpler contruction would be:
>
> chaining++;
> output = H(chaining, secret);
>
> And this looks a whole lot like Ted's ChaCha20 construction.

In that simpler construction with counter-based secret rekeying and in
Ted's ChaCha20 construction, the issue is that every X hits, there's a
call to get_random_bytes, which has variable performance and entropy
issues. Doing it my way with it being time based, in the event that
somebody runs ` :(){ :|:& };:`, system performance doesn't suffer
because ASLR is making repeated calls to get_random_bytes every 128 or
so process creations. In the time based way, the system performance
will not suffer.

Jason

Next message: Andy Shevchenko: "Re: [PATCH v6 1/3] clk: x86: Add Atom PMC platform clocks"
Previous message: Kees Cook: "Re: [PATCH] latent_entropy: fix ARM build error on earlier gcc"
In reply to: Andy Lutomirski: "Re: [PATCH v6 3/5] random: use SipHash in place of MD5"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]