Date: Thu, 22 Dec 2016 00:13:34 +0100
From: "Jason A. Donenfeld" <>
To: Netdev <>,
	LKML <>, 
	Linux Crypto Mailing List <>, David Laight <>, 
	Ted Tso <>, Hannes Frederic Sowa <>, 
	Eric Dumazet <>, Linus Torvalds <>, 
	Eric Biggers <>, Tom Herbert <>, 
	Andi Kleen <>, David Miller <>, 
	Andy Lutomirski <>, 
	Jean-Philippe Aumasson <>
Cc: "Jason A. Donenfeld" <>
Subject: Re: [PATCH v7 3/6] random: use SipHash in place of MD5

Hi Ted,

On Thu, Dec 22, 2016 at 12:02 AM, Jason A. Donenfeld <> wrote:
> This duplicates the current algorithm for get_random_int/long

I should have mentioned this directly in the commit message, which I
forgot to update: this v7 adds the time-based key rotation, which,
while not strictly necessary for ensuring the security of the RNG,
might help alleviate some concerns, as we talked about. Performance is
quite good on both 32-bit and 64-bit -- better than MD5 in both cases.

If you like this, terrific. If not, I'm happy to take this in whatever
direction you prefer, and implement whatever construction you think
best. There's been a lot of noise on this list about it; we can
continue to discuss more, or you can just tell me whatever you want to
do, and I'll implement it and that'll be the end of it. As you said,
we can always get something decent now and improve it later.

Alternatively, if you've decided in the end you prefer your batched
entropy approach using chacha, I'm happy to implement a polished
version of that here in this patch series (so that we can keep the `rm
lib/md5.c` commit.)

Just let me know how you'd like to proceed.
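The construction under discussion above, as an added illustration that is not part of this message or of the v7 patch series: a user-space model of a get_random_int()/get_random_long()-style helper that replaces the MD5 hash with SipHash-2-4 and rotates its key on a time basis. The 300-second lifetime, the state layout, the chaining of the previous output together with a clock word, and the deterministic key source are assumptions made for this example, not values or code taken from the kernel; the SipHash core is the published algorithm and is checked against two of its published test vectors.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define ROTL64(x, b) (uint64_t)(((x) << (b)) | ((x) >> (64 - (b))))
#define SIPROUND \
    do { \
        v0 += v1; v1 = ROTL64(v1, 13); v1 ^= v0; v0 = ROTL64(v0, 32); \
        v2 += v3; v3 = ROTL64(v3, 16); v3 ^= v2; \
        v0 += v3; v3 = ROTL64(v3, 21); v3 ^= v0; \
        v2 += v1; v1 = ROTL64(v1, 17); v1 ^= v2; v2 = ROTL64(v2, 32); \
    } while (0)

static uint64_t get_le64(const uint8_t *p)
{
    uint64_t r = 0;
    for (int i = 7; i >= 0; i--)
        r = (r << 8) | p[i];
    return r;
}

static void put_le64(uint8_t *p, uint64_t v)
{
    for (int i = 0; i < 8; i++)
        p[i] = (uint8_t)(v >> (8 * i));
}

/* SipHash-2-4 as published: 128-bit key, 64-bit output. */
uint64_t siphash24(const uint8_t *in, size_t len, const uint8_t key[16])
{
    uint64_t k0 = get_le64(key), k1 = get_le64(key + 8);
    uint64_t v0 = 0x736f6d6570736575ULL ^ k0;
    uint64_t v1 = 0x646f72616e646f6dULL ^ k1;
    uint64_t v2 = 0x6c7967656e657261ULL ^ k0;
    uint64_t v3 = 0x7465646279746573ULL ^ k1;
    uint64_t b = (uint64_t)len << 56;
    const uint8_t *end = in + (len & ~(size_t)7);

    for (; in != end; in += 8) {          /* full 8-byte words */
        uint64_t m = get_le64(in);
        v3 ^= m;
        SIPROUND; SIPROUND;
        v0 ^= m;
    }
    for (size_t i = 0; i < (len & 7); i++) /* tail bytes plus length byte */
        b |= (uint64_t)in[i] << (8 * i);
    v3 ^= b;
    SIPROUND; SIPROUND;
    v0 ^= b;
    v2 ^= 0xff;                            /* finalization */
    SIPROUND; SIPROUND; SIPROUND; SIPROUND;
    return v0 ^ v1 ^ v2 ^ v3;
}

/* Published SipHash-2-4 vectors: key = 00..0f, message = 00..(len-1). */
int siphash_selfcheck(void)
{
    uint8_t key[16], msg[15];
    for (int i = 0; i < 16; i++) key[i] = (uint8_t)i;
    for (int i = 0; i < 15; i++) msg[i] = (uint8_t)i;
    return siphash24(msg, 0, key) == 0x726fdb47dd0e0e31ULL &&
           siphash24(msg, 15, key) == 0xa129ca6149be45e5ULL;
}

#define KEY_LIFETIME_SECONDS 300  /* assumed rotation interval for this model */

struct rand_int_state {
    uint8_t key[16];   /* current SipHash key */
    uint64_t chaining; /* previous output, fed back into the next call */
    uint64_t key_born; /* clock reading at which the key was installed */
    int initialized;
};

/* Key source hook. The real helper would draw from the kernel CRNG; this
 * constructed deterministic source exists only so the demo is repeatable. */
typedef void (*key_source_fn)(uint8_t key[16]);
static unsigned key_draws;
static void demo_key_source(uint8_t key[16])
{
    key_draws++;
    for (int i = 0; i < 16; i++)
        key[i] = (uint8_t)(i ^ (key_draws * 0x5a));
}

/* Install a fresh key on first use and once the old one outlives its
 * lifetime; all other calls reuse the cached key (the cheap path). */
static void maybe_rotate(struct rand_int_state *st, uint64_t now, key_source_fn src)
{
    if (!st->initialized || now - st->key_born >= KEY_LIFETIME_SECONDS) {
        src(st->key);
        st->key_born = now;
        st->initialized = 1;
    }
}

/* Output = SipHash_key(previous output || clock). The clock word takes the
 * role that the jiffies input played in the MD5-based construction. */
uint64_t model_get_random_long(struct rand_int_state *st, uint64_t now, key_source_fn src)
{
    uint8_t in[16];
    maybe_rotate(st, now, src);
    put_le64(in, st->chaining);
    put_le64(in + 8, now);
    st->chaining = siphash24(in, sizeof in, st->key);
    return st->chaining;
}

/* Scenario: calls at t = 0, 100 and 299 share one key; t = 300 rotates.
 * Returns the number of keys drawn, so the rotation policy is observable. */
unsigned demo_rotation_count(void)
{
    struct rand_int_state st = {0};
    key_draws = 0;
    model_get_random_long(&st, 0, demo_key_source);
    model_get_random_long(&st, 100, demo_key_source);
    model_get_random_long(&st, 299, demo_key_source);
    model_get_random_long(&st, 300, demo_key_source);
    return key_draws;
}

int main(void)
{
    printf("siphash vectors: %s\n", siphash_selfcheck() ? "ok" : "FAIL");
    printf("keys drawn over t=0..300: %u\n", demo_rotation_count());
    return 0;
}
```

The point of the rotation hook is the one made in the message: the keyed hash alone is what makes outputs unpredictable to anyone who has not seen the key, and the periodic re-key only bounds how long a leaked key stays useful, so it is a defence-in-depth measure rather than the thing the RNG's security rests on. In a real kernel port the per-state block would live per CPU and the key source would be the CRNG, neither of which this model reproduces.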

