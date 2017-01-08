Jason Donenfeld who has been working on the WireGuard secure network tunnel for Linux has also been working on another security enhancement: adding the SipHash PRF to the Linux kernel.
Donenfeld is now up to his third version of patches for integrating the SipHash pseudorandom functions into the Linux kernel. For those wanting some background about SipHash, there is an explanation via Wikipedia while a lot more technical information can be found via this SipHash page.
The work being done in the kernel space is adding SipHash to the Linux kernel and then so far making use of it in two different places: using SipHash in place of MD5 in secure_seq and using it in place of SHA1 in syncookies. These uses are for avoiding hashtable poisoning and that SipHash is faster than MD5/SHA1 for creating secure sequence numbers. A better explanation can be found via this patch message by Jason.
Donenfeld says there are also other places within the Linux kernel he's looking to use SipHash, but first is planning to bring it in through the networking subsystem (hopefully for Linux 4.11) and after that's landed he and other developers can begin making use of it in other subsystems. Those wanting to learn more can see the latest patch series. SipHash is already in use by some BSDs, among other software projects.
