Re: RFC 7217: random but stable addresses (take 2)

2017-07-15 Thread Tom Cosgrove
>>> Christian Weisgerber 14-Jul-17 23:04 >>> > > > secondly, im always wary of truncating hash output in case it throws > > away some of the guarantees it's supposed to provide. if you cut > > sha512 output down to an 8th of its size, is it 8 times easier to > > calculate a collision, or more than

Re: RFC 7217: random but stable addresses (take 2)

2017-07-14 Thread Christian Weisgerber
David Gwynne: > secondly, im always wary of truncating hash output in case it throws away > some of the guarantees it's supposed to provide. if you cut sha512 output > down to an 8th of its size, is it 8 times easier to calculate a collision, or > more than 8 times easier? sha384 being a

Re: RFC 7217: random but stable addresses (take 2)

2017-07-14 Thread Florian Obser
On Fri, Jul 14, 2017 at 11:06:49AM +1000, David Gwynne wrote: > > > On 14 Jul 2017, at 06:30, Christian Weisgerber wrote: > > > > On 2017-07-13, Florian Obser wrote: > > > >> It switches the hash function to SipHash24 from sha512 as suggested by dlg >

Re: RFC 7217: random but stable addresses (take 2)

2017-07-14 Thread Florian Obser
On Thu, Jul 13, 2017 at 08:30:55PM -, Christian Weisgerber wrote: > On 2017-07-13, Florian Obser wrote: [...] > > +# Apply soiikey.conf settings. > > +soiikey_conf() { > > + stripcom /etc/soiikey.conf | > > + while read _line; do > > + sysctl -q

Re: RFC 7217: random but stable addresses (take 2)

2017-07-13 Thread Ted Unangst
David Gwynne wrote: > secondly, im always wary of truncating hash output in case it throws away > some of the guarantees it's supposed to provide. if you cut sha512 output > down to an 8th of its size, is it 8 times easier to calculate a collision, or > more than 8 times easier? sha384 being a

Re: RFC 7217: random but stable addresses (take 2)

2017-07-13 Thread David Gwynne
> On 14 Jul 2017, at 06:30, Christian Weisgerber wrote: > > On 2017-07-13, Florian Obser wrote: > >> It switches the hash function to SipHash24 from sha512 as suggested by dlg > > It's for from clear to me whether SipHash is suitable for crypto >

Re: RFC 7217: random but stable addresses (take 2)

2017-07-13 Thread Christian Weisgerber
On 2017-07-13, Florian Obser wrote: > It switches the hash function to SipHash24 from sha512 as suggested by dlg It's for from clear to me whether SipHash is suitable for crypto operations, and which ones, other than the hash tables it was designed for. We went with

Re: RFC 7217: random but stable addresses (take 2)

2017-07-13 Thread Florian Obser
On Thu, Jul 13, 2017 at 05:59:24PM +0200, Alexander Bluhm wrote: > On Thu, Jul 13, 2017 at 03:43:50PM +, Florian Obser wrote: > > It switches the hash function to SipHash24 from sha512 as suggested by dlg > > Is is performance critical? Then siphash would be better. no > > Is is a

Re: RFC 7217: random but stable addresses (take 2)

2017-07-13 Thread Alexander Bluhm
On Thu, Jul 13, 2017 at 03:43:50PM +, Florian Obser wrote: > It switches the hash function to SipHash24 from sha512 as suggested by dlg Is is performance critical? Then siphash would be better. Is is a security concern? Is is a problem that someone could try to calculate our secret when he

RFC 7217: random but stable addresses (take 2)

2017-07-13 Thread Florian Obser
this has all the bells and whistles notably the installer and documentation for the net.inet6.ip6.soiikey sysctl are missing. the sysctl implementation is from dlg, all the mistakes are probably tweaks by me ;) It switches the hash function to SipHash24 from sha512 as suggested by dlg Comments,