Re: [PATCH v2 1/4] siphash: add cryptographically secure hashtable function

From: Herbert Xu
Date: Thu Dec 15 2016 - 02:59:16 EST

Next message: Marc Kleine-Budde: "Re: [PATCH 8/8] Makefile: drop -D__CHECK_ENDIAN__ from cflags"
Previous message: Manish Narani: "[RFC PATCH] usb: host: xhci: plat: add support for otg_set_host() call"
In reply to: Jason A. Donenfeld: "Re: [PATCH v2 1/4] siphash: add cryptographically secure hashtable function"
Next in thread: Daniel Micay: "Re: [kernel-hardening] Re: [PATCH v2 1/4] siphash: add cryptographically secure hashtable function"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Jason A. Donenfeld <Jason@xxxxxxxxx> wrote:
>
> Siphash needs a random secret key, yes. The point is that the hash
> function remains secure so long as the secret key is kept secret.
> Other functions can't make the same guarantee, and so nervous periodic
> key rotation is necessary, but in most cases nothing is done, and so
> things just leak over time.

Actually those users that use rhashtable now have a much more
sophisticated defence against these attacks, dyanmic rehashing
when bucket length exceeds a preset limit.

Cheers,
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Next message: Marc Kleine-Budde: "Re: [PATCH 8/8] Makefile: drop -D__CHECK_ENDIAN__ from cflags"
Previous message: Manish Narani: "[RFC PATCH] usb: host: xhci: plat: add support for otg_set_host() call"
In reply to: Jason A. Donenfeld: "Re: [PATCH v2 1/4] siphash: add cryptographically secure hashtable function"
Next in thread: Daniel Micay: "Re: [kernel-hardening] Re: [PATCH v2 1/4] siphash: add cryptographically secure hashtable function"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]