Date: Mon, 19 Dec 2016 18:08:47 +0100
From: "Jason A. Donenfeld" <>
Cc: Netdev <>, 
	LKML <>, 
	Linux Crypto Mailing List <>, David Laight <>, 
	Ted Tso <>, Hannes Frederic Sowa <>, 
	Linus Torvalds <>, Eric Biggers <>, 
	Tom Herbert <>, George Spelvin <>, 
	Vegard Nossum <>, Andi Kleen <>, 
	David Miller <>, Andy Lutomirski <>, 
	Jean-Philippe Aumasson <>, "Daniel J . Bernstein" <>
Subject: Re: [PATCH v5 1/4] siphash: add cryptographically secure PRF

On Sat, Dec 17, 2016 at 3:55 PM, Jeffrey Walton <> wrote:
> It may be prudent to include the endian reversal in the test to ensure
> big endian machines produce expected results. Some closely related
> testing on an old Apple PowerMac G5 revealed that result needed to be
> reversed before returning it to a caller.

The function [1] returns a u64. Originally I had it returning a
__le64, but that was considered unnecessary by many prior reviewers on
the list. It returns an integer. If you want uniform bytes out of it,
then use the endian conversion function, the same as you would do with
any other type of integer.

Additionally, this function is *not* meant for af_alg or any of the
crypto/* code. It's very unlikely to find a use there.

> Forgive my ignorance... I did not find reading on using the primitive
> in a PRNG. Does anyone know what Aumasson or Bernstein have to say?
> Aumasson's site does not seem to discuss the use case:

He's on this thread so I suppose he can speak up for himself. But in
my conversations with him, the primary take-away was, "seems okay to
me!". But please -- JP - correct me if I've misinterpreted.
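The point made above, that the function returns a u64 integer and a caller who wants uniform bytes applies the endian conversion themselves, as an added example in C. This is not code from the original message or from the kernel patch under review; the SipHash-2-4 routine is a direct transcription of the published algorithm, and the helper names (le64_load, le64_store, siphash_2_4, siphash_known_answer_test, siphash_bytes_are_portable) are chosen here and are not the kernel's API. It checks the empty-message known answer for the key 00..0f from the SipHash reference implementation, 0x726fdb47dd0e0e31, and then shows that serializing that integer little-endian gives the byte string 31 0e 0e dd 47 db 6f 72 on any host, which is what a caller must do instead of memcpy'ing the raw u64 if big-endian machines are to produce the same bytes.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define ROTL64(x, b) ((uint64_t)(((x) << (b)) | ((x) >> (64 - (b)))))

/* Load a little-endian 64-bit word byte by byte; correct on any host byte order. */
static uint64_t le64_load(const uint8_t *p)
{
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--)
        v = (v << 8) | p[i];
    return v;
}

/* Store a 64-bit integer as little-endian bytes. This is the caller-side
 * equivalent of cpu_to_le64() followed by memcpy: the byte string is the
 * same on big- and little-endian hosts, which memcpy of the raw u64 is not. */
static void le64_store(uint8_t out[8], uint64_t v)
{
    for (int i = 0; i < 8; i++)
        out[i] = (uint8_t)(v >> (8 * i));
}

#define SIPROUND                                                          \
    do {                                                                  \
        v0 += v1; v1 = ROTL64(v1, 13); v1 ^= v0; v0 = ROTL64(v0, 32);     \
        v2 += v3; v3 = ROTL64(v3, 16); v3 ^= v2;                          \
        v0 += v3; v3 = ROTL64(v3, 21); v3 ^= v0;                          \
        v2 += v1; v1 = ROTL64(v1, 17); v1 ^= v2; v2 = ROTL64(v2, 32);     \
    } while (0)

/* SipHash-2-4 over `len` bytes under a 128-bit key. Returns the 64-bit
 * result as a host integer, the same way the kernel function discussed
 * above returns a u64 rather than a byte string. */
static uint64_t siphash_2_4(const uint8_t key[16], const uint8_t *data, size_t len)
{
    uint64_t k0 = le64_load(key), k1 = le64_load(key + 8);
    uint64_t v0 = 0x736f6d6570736575ULL ^ k0;
    uint64_t v1 = 0x646f72616e646f6dULL ^ k1;
    uint64_t v2 = 0x6c7967656e657261ULL ^ k0;
    uint64_t v3 = 0x7465646279746573ULL ^ k1;
    uint64_t b = (uint64_t)len << 56;   /* top byte of the last block is len mod 256 */
    size_t i, full = len & ~(size_t)7;

    for (i = 0; i < full; i += 8) {
        uint64_t m = le64_load(data + i);
        v3 ^= m;
        SIPROUND; SIPROUND;             /* c = 2 compression rounds per block */
        v0 ^= m;
    }
    for (i = 0; i < (len & 7); i++)     /* tail bytes sit below the length byte */
        b |= (uint64_t)data[full + i] << (8 * i);
    v3 ^= b;
    SIPROUND; SIPROUND;
    v0 ^= b;
    v2 ^= 0xff;
    SIPROUND; SIPROUND; SIPROUND; SIPROUND;   /* d = 4 finalization rounds */
    return v0 ^ v1 ^ v2 ^ v3;
}

/* Test key 00 01 .. 0f used by the SipHash reference implementation's vectors. */
static const uint8_t test_key[16] = {
    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
};

/* Published SipHash-2-4 result for the empty message under test_key. */
#define SIPHASH_EMPTY_KAT 0x726fdb47dd0e0e31ULL

/* Returns 1 if the implementation reproduces the empty-message known answer. */
int siphash_known_answer_test(void)
{
    static const uint8_t empty[1] = { 0 };   /* valid pointer, zero length */
    return siphash_2_4(test_key, empty, 0) == SIPHASH_EMPTY_KAT;
}

/* Returns 1 if serializing the integer result through le64_store yields the
 * byte string 31 0e 0e dd 47 db 6f 72 listed by the reference vectors; this
 * holds on every host, whereas memcpy(&u64) would differ on big-endian. */
int siphash_bytes_are_portable(void)
{
    static const uint8_t expect[8] = { 0x31, 0x0e, 0x0e, 0xdd, 0x47, 0xdb, 0x6f, 0x72 };
    uint8_t out[8];
    le64_store(out, SIPHASH_EMPTY_KAT);
    for (int i = 0; i < 8; i++)
        if (out[i] != expect[i])
            return 0;
    return 1;
}

int main(void)
{
    uint8_t out[8];
    uint64_t h = siphash_2_4(test_key, (const uint8_t *)"", 0);
    le64_store(out, h);
    printf("siphash_2_4(k, \"\") = 0x%016llx, KAT %s, bytes %s\n",
           (unsigned long long)h,
           siphash_known_answer_test() ? "ok" : "FAIL",
           siphash_bytes_are_portable() ? "portable" : "FAIL");
    return 0;
}
```

The design choice worth noting is that the endianness question lives entirely in le64_store: siphash_2_4 itself is a pure integer function, so it is correct on both byte orders without any reversal, and only a caller that wants a wire or storage format needs the conversion.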
