From: Daniel Borkmann
To: Andy Lutomirski
Cc: Andy Lutomirski, Netdev, LKML, Linux Crypto Mailing List, "Jason A. Donenfeld", Hannes Frederic Sowa, Alexei Starovoitov, Eric Dumazet, Eric Biggers, Tom Herbert, "David S. Miller", Alexei Starovoitov
Subject: Re: [PATCH v2 7/8] net: Rename TCA*BPF_DIGEST to ..._SHA256
Date: Sat, 14 Jan 2017 00:08:30 +0100
Message-ID: <58795DEE.3090403@iogearbox.net>

On 01/11/2017 07:19 PM, Andy Lutomirski wrote:
> On Wed, Jan 11, 2017 at 1:09 AM, Daniel Borkmann wrote:
[...]
>> Ok. Sleeping over this a bit, how about a general rename into
>> "prog_tag" for fdinfo and TCA_BPF_TAG resp. TCA_ACT_BPF_TAG for
>> the netlink attributes, fwiw, it might reduce any assumptions on
>> this being made? If this would be preferable, I could cook that
>> patch against -net for renaming it?
>
> That would be fine with me.
>
> I think there are two reasonable approaches to computing the actual tag.
>
> 1. Use a standard, modern cryptographic hash. SHA-256, SHA-512,
> Blake2b, whatever. SHA-1 is a bad choice in part because it's partly
> broken and in part because the implementation in lib/ is a real mess
> to use (as you noticed while writing the code).
>
> 2. Use whatever algorithm you like but make the tag so short that it's
> obviously not collision-free. 48 or 64 bits is probably reasonable.
>
> The intermediate versions are just asking for trouble.

Yeah agree, I've just sent a patch to rework this a bit and it got
also reasonably small for net. Cleanups, if needed, can be done in
net-next once that's pulled into it.

Thanks,
Daniel
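
An added illustration of the second approach in the quoted message (not code from this thread or from the kernel): a short tag over a program's instruction bytes identifies a program for debugging but cannot serve as an integrity check, because distinct programs will share a tag. The use of truncated SHA-256, the function names, and the two-instruction sample programs are assumptions made for the example.

```python
import hashlib
import math
import struct

def insn(code, regs, off, imm):
    """Encode one instruction in the 8-byte struct bpf_insn layout."""
    return struct.pack("<BBhi", code, regs, off, imm)

def sample_prog(ret):
    """Constructed sample program: r0 = ret; exit."""
    return insn(0xB7, 0, 0, ret) + insn(0x95, 0, 0, 0)

def prog_tag(insns, tag_bits=64):
    """Leading tag_bits of SHA-256 over the instruction bytes (assumed scheme)."""
    digest = hashlib.sha256(insns).digest()
    return int.from_bytes(digest, "big") >> (256 - tag_bits)

def birthday_50(tag_bits):
    """Approximate number of distinct programs for a 50% chance of a shared tag."""
    return math.sqrt(2 * math.log(2) * 2 ** tag_bits)

def find_shared_tag(tag_bits, limit=1 << 20):
    """Return (ret_a, ret_b, tag) for the first two sample programs sharing a tag."""
    seen = {}
    for ret in range(limit):
        tag = prog_tag(sample_prog(ret), tag_bits)
        if tag in seen:
            return seen[tag], ret, tag
        seen[tag] = ret
    return None

if __name__ == "__main__":
    for bits in (48, 64):
        print(f"{bits}-bit tag: ~{birthday_50(bits):.2e} programs for 50% odds of a shared tag")
    # A 24-bit tag keeps the search instant while showing the same effect.
    a, b, tag = find_shared_tag(24)
    print(f"24-bit demo: programs returning {a} and {b} share tag {tag:06x}")
```

Anything that consumes such a tag should treat a match as a hint about which program is loaded, never as proof that the instructions are identical.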