On Fri, Dec 23, 2016 at 7:19 PM, Hannes Frederic Sowa
wrote:
> Factoring out sha3
Per the other thread, you probably don't actually want SHA3, because
it's slow in software. You want SHA2. If you want something faster and
better, then Blake2 is most certainly the way
On 23.12.2016 17:42, Andy Lutomirski wrote:
> On Fri, Dec 23, 2016 at 8:23 AM, Andy Lutomirski wrote:
>> On Fri, Dec 23, 2016 at 3:59 AM, Daniel Borkmann
>> wrote:
>>> On 12/23/2016 11:59 AM, Hannes Frederic Sowa wrote:
On Fri, 2016-12-23 at
On Fri, Dec 23, 2016 at 8:23 AM, Andy Lutomirski wrote:
> On Fri, Dec 23, 2016 at 3:59 AM, Daniel Borkmann wrote:
>> On 12/23/2016 11:59 AM, Hannes Frederic Sowa wrote:
>>>
>>> On Fri, 2016-12-23 at 11:04 +0100, Daniel Borkmann wrote:
On
On Fri, Dec 23, 2016 at 3:59 AM, Daniel Borkmann wrote:
> On 12/23/2016 11:59 AM, Hannes Frederic Sowa wrote:
>>
>> On Fri, 2016-12-23 at 11:04 +0100, Daniel Borkmann wrote:
>>>
>>> On 12/22/2016 05:59 PM, Hannes Frederic Sowa wrote:
On Thu, 2016-12-22 at 08:07
On 12/23/2016 11:59 AM, Hannes Frederic Sowa wrote:
On Fri, 2016-12-23 at 11:04 +0100, Daniel Borkmann wrote:
On 12/22/2016 05:59 PM, Hannes Frederic Sowa wrote:
On Thu, 2016-12-22 at 08:07 -0800, Andy Lutomirski wrote:
[...]
The hashing is not a proper sha1 neither, unfortunately. I think
On Fri, 2016-12-23 at 11:04 +0100, Daniel Borkmann wrote:
> On 12/22/2016 05:59 PM, Hannes Frederic Sowa wrote:
> > On Thu, 2016-12-22 at 08:07 -0800, Andy Lutomirski wrote:
> > > On Thu, Dec 22, 2016 at 7:51 AM, Hannes Frederic Sowa
> > > wrote:
> > > > On Thu,
On 12/22/2016 06:25 PM, Andy Lutomirski wrote:
On Thu, Dec 22, 2016 at 8:59 AM, Hannes Frederic Sowa
[...]
I wondered if bpf program loading should have used the module loading
infrastructure from the beginning...
That would be way too complicated and would be nasty for the unprivileged
On 12/22/2016 05:59 PM, Hannes Frederic Sowa wrote:
On Thu, 2016-12-22 at 08:07 -0800, Andy Lutomirski wrote:
On Thu, Dec 22, 2016 at 7:51 AM, Hannes Frederic Sowa
wrote:
On Thu, 2016-12-22 at 16:41 +0100, Jason A. Donenfeld wrote:
On Thu, Dec 22, 2016 at 4:33 PM,
On 22.12.2016 20:56, Andy Lutomirski wrote:
> It's also not quite clear to me why userspace needs to be able to
> calculate the digest on its own. A bpf(BPF_CALC_PROGRAM_DIGEST)
> command that takes a BPF program as input and hashes it would seem to
> serve the same purpose, and that would allow
On Thu, Dec 22, 2016 at 11:34 AM, Alexei Starovoitov
wrote:
> On Thu, Dec 22, 2016 at 9:25 AM, Andy Lutomirski wrote:
>> On Thu, Dec 22, 2016 at 8:59 AM, Hannes Frederic Sowa
>> wrote:
>>> On Thu, 2016-12-22 at 08:07
On Thu, Dec 22, 2016 at 9:25 AM, Andy Lutomirski wrote:
> On Thu, Dec 22, 2016 at 8:59 AM, Hannes Frederic Sowa
> wrote:
>> On Thu, 2016-12-22 at 08:07 -0800, Andy Lutomirski wrote:
>>
>> We don't prevent ebpf programs being loaded based on the
On Thu, Dec 22, 2016 at 5:59 PM, Hannes Frederic Sowa
wrote:
> We don't prevent ebpf programs being loaded based on the digest but
> just to uniquely identify loaded programs from user space and match up
> with their source.
Okay, so in that case, a weak hashing
On Thu, 2016-12-22 at 09:25 -0800, Andy Lutomirski wrote:
> On Thu, Dec 22, 2016 at 8:59 AM, Hannes Frederic Sowa
> wrote:
> > On Thu, 2016-12-22 at 08:07 -0800, Andy Lutomirski wrote:
> > >
> > > You mean:
> > >
> > > commit 7bd509e311f408f7a5132fcdde2069af65fa05ae
On Thu, Dec 22, 2016 at 8:59 AM, Hannes Frederic Sowa
wrote:
> On Thu, 2016-12-22 at 08:07 -0800, Andy Lutomirski wrote:
>> On Thu, Dec 22, 2016 at 7:51 AM, Hannes Frederic Sowa
>> wrote:
>> > On Thu, 2016-12-22 at 16:41 +0100, Jason A.
On Thu, 2016-12-22 at 08:07 -0800, Andy Lutomirski wrote:
> On Thu, Dec 22, 2016 at 7:51 AM, Hannes Frederic Sowa
> wrote:
> > On Thu, 2016-12-22 at 16:41 +0100, Jason A. Donenfeld wrote:
> > > Hi Hannes,
> > >
> > > On Thu, Dec 22, 2016 at 4:33 PM, Hannes Frederic
On Thu, Dec 22, 2016 at 8:28 AM, Jason A. Donenfeld wrote:
> Hi all,
>
> I don't know what your design requirements are for this. It looks like
> you're generating some kind of crypto digest of a program, and you
> need to avoid collisions. If you'd like to go with a PRF (keyed
Hi all,
I don't know what your design requirements are for this. It looks like
you're generating some kind of crypto digest of a program, and you
need to avoid collisions. If you'd like to go with a PRF (keyed hash
function) that uses some kernel secret key, then I'd strongly suggest
using
On Thu, Dec 22, 2016 at 7:51 AM, Hannes Frederic Sowa
wrote:
> On Thu, 2016-12-22 at 16:41 +0100, Jason A. Donenfeld wrote:
>> Hi Hannes,
>>
>> On Thu, Dec 22, 2016 at 4:33 PM, Hannes Frederic Sowa
>> wrote:
>> > IPv6 you cannot touch
18 matches
Mail list logo