On Wed, Jan 12, 2022 at 02:12:01PM +0100, Jason A. Donenfeld wrote: > Hi, > > There are currently two remaining users of SHA-1 left in the kernel: bpf > tag generation, and ipv6 address calculation. In an effort to reduce > code size and rid ourselves of insecure primitives, this RFC patchset > moves to using the more secure BLAKE2s function. What's the rationale to use 2s and not 2b? Everywhere I can find the 2s version is said to be for 8bit up to 32bit machines and it's worse than 2b in benchmarks (reading https://bench.cr.yp.to/results-hash.html). I'd understand you go with 2s because you also chose it for wireguard but I'd like know why 2s again even if it's not made for 64bit architectures that are preferred nowadays.