On Fri, Dec 16, 2016 at 11:13 PM, George Spelvin <linux@xxxxxxxxxxxxxxxxxxx> wrote: > Remembering that on "real" machines it's full SipHash, then I'd say that > 64-bit security + rekeying seems reasonable. 64-bit security for an RNG is not reasonable even with rekeying. No no no. Considering we already have a massive speed-up here with the secure version, there's zero reason to start weakening the security because we're trigger happy with our benchmarks. No no no. -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html