Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1482420815.2673.1.camel@stressinduktion.org>
Date: Thu, 22 Dec 2016 16:33:35 +0100
From: Hannes Frederic Sowa <hannes@...essinduktion.org>
To: "Jason A. Donenfeld" <Jason@...c4.com>
Cc: kernel-hardening@...ts.openwall.com, Theodore Ts'o <tytso@....edu>, Andy
 Lutomirski <luto@...capital.net>, Netdev <netdev@...r.kernel.org>, LKML
 <linux-kernel@...r.kernel.org>,  Linux Crypto Mailing List
 <linux-crypto@...r.kernel.org>, David Laight <David.Laight@...lab.com>,
 Eric Dumazet <edumazet@...gle.com>,  Linus Torvalds
 <torvalds@...ux-foundation.org>, Eric Biggers <ebiggers3@...il.com>, Tom
 Herbert <tom@...bertland.com>, Andi Kleen <ak@...ux.intel.com>, "David S.
 Miller" <davem@...emloft.net>, Jean-Philippe Aumasson
 <jeanphilippe.aumasson@...il.com>
Subject: Re: Re: [PATCH v7 3/6] random: use SipHash in
 place of MD5

On Thu, 2016-12-22 at 16:29 +0100, Jason A. Donenfeld wrote:
> On Thu, Dec 22, 2016 at 4:12 PM, Jason A. Donenfeld <Jason@...c4.com> wrote:
> > As a first step, I'm considering adding a patch to move halfmd4.c
> > inside the ext4 domain, or at the very least, simply remove it from
> > linux/cryptohash.h. That'll then leave the handful of bizarre sha1
> > usages to consider.
> 
> Specifically something like this:
> 
> https://git.zx2c4.com/linux-dev/commit/?h=siphash&id=978213351f9633bd1e3d1fdc3f19d28e36eeac90
> 
> That only leaves two more uses of "cryptohash" to consider, but they
> require a bit of help. First, sha_transform in net/ipv6/addrconf.c.
> That might be a straight-forward conversion to SipHash, but perhaps
> not; I need to look closely and think about it. The next is
> sha_transform in kernel/bpf/core.c. I really have no idea what's going
> on with the eBPF stuff, so that will take a bit longer to study. Maybe
> sha1 is fine in the end there? I'm not sure yet.

IPv6 you cannot touch anymore. The hashing algorithm is part of uAPI.
You don't want to give people new IPv6 addresses with the same stable
secret (across reboots) after a kernel upgrade. Maybe they lose
connectivity then and it is extra work?

The bpf hash stuff can be changed during this merge window, as it is
not yet in a released kernel. Albeit I would probably have preferred
something like sha256 here, which can be easily replicated by user
space tools (minus the problem of patching out references to not
hashable data, which must be zeroed).

Bye,
Hannes

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.