Re: [kernel-hardening] Re: HalfSipHash Acceptable Usage

From: Eric Dumazet
Date: Wed Dec 21 2016 - 12:08:46 EST

Next message: Jeff Layton: "[RFC PATCH v1 11/30] fs: new API for handling i_version"
Previous message: Jeff Layton: "[RFC PATCH v1 19/30] nfs: convert to new i_version API"
In reply to: Rik van Riel: "Re: [kernel-hardening] Re: HalfSipHash Acceptable Usage"
Next in thread: George Spelvin: "Re: HalfSipHash Acceptable Usage"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 2016-12-21 at 11:39 -0500, Rik van Riel wrote:

> Does anybody still have a P4?
>
> If they do, they're probably better off replacing
> it with an Atom. The reduced power bills will pay
> for replacing that P4 within a year or two.

Well, maybe they have millions of units to replace.

>
> In short, I am not sure how important the P4
> performance numbers are, especially if we can
> improve security for everybody else...

Worth adding that the ISN or syncookie generation are less than 10% of
the actual cost of handling a problematic (having to generate ISN or
syncookie) TCP packet anyway.

So we are talking of minors potential impact for '2000-era' cpus.

Definitely I vote for using SipHash in TCP ASAP.

Next message: Jeff Layton: "[RFC PATCH v1 11/30] fs: new API for handling i_version"
Previous message: Jeff Layton: "[RFC PATCH v1 19/30] nfs: convert to new i_version API"
In reply to: Rik van Riel: "Re: [kernel-hardening] Re: HalfSipHash Acceptable Usage"
Next in thread: George Spelvin: "Re: HalfSipHash Acceptable Usage"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]