From: "Jason A. Donenfeld" Subject: Re: [PATCH v5 1/4] siphash: add cryptographically secure PRF Date: Sat, 17 Dec 2016 02:39:50 +0100 Message-ID: References: <20161216234408.30174.qmail@ns.sciencehorizons.net> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Cc: Andi Kleen , David Miller , David Laight , "Daniel J . Bernstein" , Eric Biggers , Hannes Frederic Sowa , Jean-Philippe Aumasson , kernel-hardening@lists.openwall.com, Linux Crypto Mailing List , LKML , Andy Lutomirski , Netdev , Tom Herbert , Linus Torvalds , "Theodore Ts'o" , Vegard Nossum To: George Spelvin Return-path: Received: from frisell.zx2c4.com ([192.95.5.64]:60932 "EHLO frisell.zx2c4.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1757241AbcLQBjz (ORCPT ); Fri, 16 Dec 2016 20:39:55 -0500 In-Reply-To: <20161216234408.30174.qmail@ns.sciencehorizons.net> Sender: linux-crypto-owner@vger.kernel.org List-ID: On Sat, Dec 17, 2016 at 12:44 AM, George Spelvin wrote: > Ths advice I'd give now is: > - Implement > unsigned long hsiphash(const void *data, size_t len, const unsigned long key[2]) > .. as SipHash on 64-bit (maybe SipHash-1-3, still being discussed) and > HalfSipHash on 32-bit. I already did this. Check my branch. > - Document when it may or may not be used carefully. Good idea. I'll write up some extensive documentation about all of this, detailing use cases and our various conclusions. > - #define get_random_int (unsigned)get_random_long That's a good idea, since ultimately the other just casts in the return value. I wonder if this could also lead to a similar aliasing with arch_get_random_int, since I'm pretty sure all rdrand-like instructions return native word size anyway. > - Ted, Andy Lutorminski and I will try to figure out a construction of > get_random_long() that we all like. And me, I hope... No need to make this exclusive. Jason