Re: [PATCH v6 3/5] random: use SipHash in place of MD5

2016-12-16 Thread Andy Lutomirski
On Fri, Dec 16, 2016 at 1:45 PM, Jason A. Donenfeld wrote: > Hi Andy, > > On Fri, Dec 16, 2016 at 10:31 PM, Andy Lutomirski wrote: >> I think it would be nice to try to strengthen the PRNG construction. >> FWIW, I'm not an expert in PRNGs, and there's fairly

Re: [PATCH v6 3/5] random: use SipHash in place of MD5

2016-12-16 Thread Jason A. Donenfeld
Hi Andy, Ted, I've made the requested changes. Keys now rotate and are per-CPU based. The chaining value is now additive instead of replacing. DavidL suggested I lower the velocity of `git-send-email` triggers, so if you'd like to take a look at this before I post v7, you can follow along at my

Re: [PATCH v6 3/5] random: use SipHash in place of MD5

2016-12-16 Thread Jason A. Donenfeld
Hi Andy, On Fri, Dec 16, 2016 at 10:31 PM, Andy Lutomirski wrote: > I think it would be nice to try to strengthen the PRNG construction. > FWIW, I'm not an expert in PRNGs, and there's fairly extensive > literature, but I can at least try. In an effort to keep this patchset

Re: [PATCH v6 3/5] random: use SipHash in place of MD5

2016-12-16 Thread Andy Lutomirski
On Thu, Dec 15, 2016 at 7:03 PM, Jason A. Donenfeld wrote: > -static DEFINE_PER_CPU(__u32 [MD5_DIGEST_WORDS], get_random_int_hash) > - __aligned(sizeof(unsigned long)); > +static DEFINE_PER_CPU(u64, get_random_int_chaining); > [...] > unsigned long

[PATCH v6 3/5] random: use SipHash in place of MD5

2016-12-15 Thread Jason A. Donenfeld
This duplicates the current algorithm for get_random_int/long, but uses siphash instead. This comes with several benefits. It's certainly faster and more cryptographically secure than MD5. This patch also separates hashed fields into three values instead of one, in order to increase diffusion.