Announcement

Collapse
No announcement yet.

SipHash Is Being Worked On For Further Security In The Linux Kernel

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    SipHash Is Being Worked On For Further Security In The Linux Kernel

    Phoronix: SipHash Is Being Worked On For Further Security In The Linux Kernel

    Jason Donenfeld who has been working on the WireGuard secure network tunnel for Linux has also been working on another security enhancement: adding the SipHash PRF to the Linux kernel...

    SipHash Is Being Worked On For Further Security In The Linux Kernel - Phoronix
    http://www.phoronix.com/scan.php?page=news_item&px=SipHash-PRF-V3-For-Linux
    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite
    Tags: None
  • #2
    Hmm... https://en.wikipedia.org/wiki/SipHash#Criticism

    Comment

    • #3
      Originally posted by halo9en View Post
      Hmm... https://en.wikipedia.org/wiki/SipHash#Criticism
      But is it worse than MD5?

      To its defense, SipHash was co-designed by Daniel J. Bernstein, so it ought to be good.

      Comment

      • #4
        Typo:

        Originally posted by phoronix View Post
        SipHash is fasrter than MD5/SHA1

        Comment

        • #5
          +security, + performance = profit!

          Comment

          • #6
            Las time I considered SipHash I was horrified by the state of the standard implementation in C - it assumed the size of int and the endianness of the machine ... this was the time I decided not to trust this algo and it's authors Also there was no real crypto analysis on it so there is no real reason to have any faith in it.

            Comment

            • #7
              All a hash function can do is provide good mixing and being non-reversible.

              How you can screw up despite using a "strong" hash function see here:
              Exposure of HashMap iteration order allows for O(n²) blowup. · Issue #36481 · rust-lang/rust
              https://github.com/rust-lang/rust/issues/36481
              Exposing HashMap's iteration order can cause O(n²) blowup even in innocent-looking code without the presence of an attacker. In the presence of an attacker, access to the order of a dictionary allo...

              Comment

              • #8
                The only problem with SipHash, is that it is actually a bit slow, and hard to vector optimize (mixed vector rotates). Right now the other algorithms are either simpler and faster, or stronger and hardware accelerated. When CPUs have SHA and AES instructions, it is hard to compete with.

                Comment

                • #9
                  Originally posted by s.ivanov View Post
                  Las time I considered SipHash I was horrified by the state of the standard implementation in C - it assumed the size of int and the endianness of the machine ... this was the time I decided not to trust this algo and it's authors Also there was no real crypto analysis on it so there is no real reason to have any faith in it.
                  It assumes endian just to get the "expected" result. I think it works equally well on a big-endian machine, the resulting hash is just different. This is always an issue when reading random bytes as integers.

                  Comment

                  Previous template Next
                  Working...
                  X