From: Eric Dumazet Subject: Re: [kernel-hardening] Re: HalfSipHash Acceptable Usage Date: Wed, 21 Dec 2016 09:08:21 -0800 Message-ID: <1482340101.8944.53.camel@edumazet-glaptop3.roam.corp.google.com> References: <20161221032829.3031.qmail@ns.sciencehorizons.net> <1482298164.8944.8.camel@edumazet-glaptop3.roam.corp.google.com> <1482335804.8944.44.camel@edumazet-glaptop3.roam.corp.google.com> <1482338385.11006.67.camel@redhat.com> Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit Cc: kernel-hardening@lists.openwall.com, "Jason A. Donenfeld" , George Spelvin , Theodore Ts'o , Andi Kleen , David Miller , David Laight , "Daniel J . Bernstein" , Eric Biggers , Hannes Frederic Sowa , Jean-Philippe Aumasson , Linux Crypto Mailing List , LKML , Andy Lutomirski , Netdev , Tom Herbert , Linus Torvalds , Vegard Nossum To: Rik van Riel Return-path: In-Reply-To: <1482338385.11006.67.camel@redhat.com> Sender: netdev-owner@vger.kernel.org List-Id: linux-crypto.vger.kernel.org On Wed, 2016-12-21 at 11:39 -0500, Rik van Riel wrote: > Does anybody still have a P4? > > If they do, they're probably better off replacing > it with an Atom. The reduced power bills will pay > for replacing that P4 within a year or two. Well, maybe they have millions of units to replace. > > In short, I am not sure how important the P4 > performance numbers are, especially if we can > improve security for everybody else... Worth adding that the ISN or syncookie generation are less than 10% of the actual cost of handling a problematic (having to generate ISN or syncookie) TCP packet anyway. So we are talking of minors potential impact for '2000-era' cpus. Definitely I vote for using SipHash in TCP ASAP.