SipHash Is Being Worked On For Further Security In The Linux Kernel

Written by Michael Larabel in Linux Kernel on 8 January 2017 at 08:28 AM EST. 8 Comments
Jason Donenfeld who has been working on the WireGuard secure network tunnel for Linux has also been working on another security enhancement: adding the SipHash PRF to the Linux kernel.

Donenfeld is now up to his third version of patches for integrating the SipHash pseudorandom functions into the Linux kernel. For those wanting some background about SipHash, there is an explanation via Wikipedia while a lot more technical information can be found via this SipHash page.

The work being done in the kernel space is adding SipHash to the Linux kernel and then so far making use of it in two different places: using SipHash in place of MD5 in secure_seq and using it in place of SHA1 in syncookies. These uses are for avoiding hashtable poisoning and that SipHash is faster than MD5/SHA1 for creating secure sequence numbers. A better explanation can be found via this patch message by Jason.

Donenfeld says there are also other places within the Linux kernel he's looking to use SipHash, but first is planning to bring it in through the networking subsystem (hopefully for Linux 4.11) and after that's landed he and other developers can begin making use of it in other subsystems. Those wanting to learn more can see the latest patch series. SipHash is already in use by some BSDs, among other software projects.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via

Popular News This Week