Re: [PATCH v2 2/2] random: use BLAKE2s instead of SHA1 in extraction
From: Jason A. Donenfeld
Date: Tue Jan 11 2022 - 07:28:54 EST

Hi Geert,

On Tue, Jan 11, 2022 at 12:38 PM Geert Uytterhoeven
<geert@xxxxxxxxxxxxxx> wrote:
> Unfortunately we cannot get rid of the sha1 code yet (lib/sha1.o is
> built-in unconditionally), as there are other users...

I think that's just how things go and a price for progress. We're not
going to stick with sha1, and blake2s has some nice properties that we
certainly want. In the future hopefully this can decrease in other
ways based on other future improvements. But that's where we are now.

If you're really quite concerned about m68k code size, I can probably
do some things to reduce that. For example, blake2s256_hmac is only
used by wireguard and it could probably be made local there. And with
some trivial loop re-rolling, I can shave off another 2300 bytes. And
I bet I can find a few other things too. The question is: how
important is this to you?

Jason