On Thu, Jul 13, 2017 at 05:59:24PM +0200, Alexander Bluhm wrote: > On Thu, Jul 13, 2017 at 03:43:50PM +0000, Florian Obser wrote: > > It switches the hash function to SipHash24 from sha512 as suggested by dlg > > Is is performance critical? Then siphash would be better.
no > > Is is a security concern? Is is a problem that someone could try maybe.. > to calculate our secret when he knows a bunch of our IP addresses? > Then sha512 would be better. if you know the key and the mac you can track a host when it moves to a different prefix. > > I don't know wether the algorithm is relevant here. So I would > have chosen sha512. sha512 is certainly the conservative choice. note that we are only use 64 bit so the digest is a wee bit to big ;) I'm happy to bikeshed this for a bit since it kinda defeats the purpose if we need to change the hash function later. dlg? > > bluhm > -- I'm not entirely sure you are real.