Re: [PATCH v2] siphash: update the hsiphash documentation

From: Jason A. Donenfeld
Date: Thu Apr 21 2022 - 20:40:48 EST

Next message: Eric Biggers: "Re: [PATCH v2] siphash: update the hsiphash documentation"
Previous message: Stefano Stabellini: "Re: [PATCH v2] arm/xen: Fix some refcount leaks"
In reply to: Eric Biggers: "[PATCH v2] siphash: update the hsiphash documentation"
Next in thread: Eric Biggers: "Re: [PATCH v2] siphash: update the hsiphash documentation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Eric,

On Thu, Apr 21, 2022 at 05:27:31PM -0700, Eric Biggers wrote:
> +On 64-bit kernels, the hsiphash functions actually implement SipHash-1-3, a
> +reduced-round variant of SipHash, instead of HalfSipHash-1-3. This is because in
> +64-bit code, SipHash-1-3 is no slower than HalfSipHash-1-3, and can be faster.
> +Note, this does *not* mean that in 64-bit kernels the hsiphash functions are the
> +same as the siphash ones, or that they are secure; the hsiphash functions still
> +use an insecure reduced-round algorithm and truncate their outputs to 32 bits.

Small nit: "less secure" rather than "insecure", as I don't think
there's a super realistic attack against 1-3. I can make that change
when committing if that's fine by you.

Jason

Next message: Eric Biggers: "Re: [PATCH v2] siphash: update the hsiphash documentation"
Previous message: Stefano Stabellini: "Re: [PATCH v2] arm/xen: Fix some refcount leaks"
In reply to: Eric Biggers: "[PATCH v2] siphash: update the hsiphash documentation"
Next in thread: Eric Biggers: "Re: [PATCH v2] siphash: update the hsiphash documentation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]