From: "Jason A. Donenfeld" Subject: Re: [PATCH v5 1/4] siphash: add cryptographically secure PRF Date: Fri, 16 Dec 2016 23:18:48 +0100 Message-ID: References: <20161216204358.nlwifgcqnu6pitxs@thunk.org> <20161216221352.26899.qmail@ns.sciencehorizons.net> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Cc: "Theodore Ts'o" , Andi Kleen , David Miller , David Laight , "Daniel J . Bernstein" , Eric Biggers , Hannes Frederic Sowa , Jean-Philippe Aumasson , kernel-hardening@lists.openwall.com, Linux Crypto Mailing List , LKML , Andy Lutomirski , Netdev , Tom Herbert , Linus Torvalds , Vegard Nossum To: George Spelvin Return-path: Received: from frisell.zx2c4.com ([192.95.5.64]:45442 "EHLO frisell.zx2c4.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1759964AbcLPWSx (ORCPT ); Fri, 16 Dec 2016 17:18:53 -0500 In-Reply-To: <20161216221352.26899.qmail@ns.sciencehorizons.net> Sender: linux-crypto-owner@vger.kernel.org List-ID: On Fri, Dec 16, 2016 at 11:13 PM, George Spelvin wrote: > Remembering that on "real" machines it's full SipHash, then I'd say that > 64-bit security + rekeying seems reasonable. 64-bit security for an RNG is not reasonable even with rekeying. No no no. Considering we already have a massive speed-up here with the secure version, there's zero reason to start weakening the security because we're trigger happy with our benchmarks. No no no.