Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 16 Dec 2016 23:23:59 +0100
From: "Jason A. Donenfeld" <>
To: Andy Lutomirski <>
Cc: Netdev <>, 
	"" <>, LKML <>, 
	Linux Crypto Mailing List <>, David Laight <>, 
	Ted Tso <>, Hannes Frederic Sowa <>, 
	Linus Torvalds <>, Eric Biggers <>, 
	Tom Herbert <>, George Spelvin <>, 
	Vegard Nossum <>, Andi Kleen <>, 
	"David S. Miller" <>, 
	Jean-Philippe Aumasson <>
Subject: Re: [PATCH v6 3/5] random: use SipHash in place of MD5

Hi Andy,

> Agreed.  A simpler contruction would be:
> chaining++;
> output = H(chaining, secret);
> And this looks a whole lot like Ted's ChaCha20 construction.

In that simpler construction with counter-based secret rekeying and in
Ted's ChaCha20 construction, the issue is that every X hits, there's a
call to get_random_bytes, which has variable performance and entropy
issues. Doing it my way with it being time based, in the event that
somebody runs ` :(){ :|:& };:`, system performance doesn't suffer
because ASLR is making repeated calls to get_random_bytes every 128 or
so process creations. In the time based way, the system performance
will not suffer.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.