On Fri, Jan 14, 2022 at 4:08 PM Ard Biesheuvel <ardb@xxxxxxxxxx> wrote:
> Yeah, so the issue is that, at *some* point, SHA-1 is going to have to
> go. So it would be helpful if Alexei could clarify *why* he doesn't
> see this as a problem. The fact that it is broken means that it is no
> longer intractable to forge collisions, which likely means that SHA-1
> no longer fulfills the task that you wanted it to do in the first
> place.

I think the reason that Alexei doesn't think that the SHA-1 choice really matters is because the result is being truncated to 64-bits, so collisions are easy anyway, regardless of which hash function is chosen (birthday bound and all).

But from Geert's perspective, that SHA-1 is still taking up precious bytes in m68k builds. And from my perspective, it's poor form and clutters vmlinux, and plus, now I'm curious about why this isn't using a more appropriately sized tag in the first place.

On Fri, Jan 14, 2022 at 3:12 PM Jason A. Donenfeld <Jason@xxxxxxxxx> wrote:
> "checksum" -- the thing is only 64-bits, and as you told Andy Polyakov

Whoops, meant Lutomirski here. x86 Andy, not crypto Andy :)
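The birthday-bound point made above (a tag truncated to 64 bits has roughly 2^32 collision resistance no matter which hash produced it) can be checked directly. The following is an added example, not code from the thread or from the kernel: it truncates a digest to a chosen width, computes the expected number of inputs before the first collision, and empirically finds a collision on a scaled-down 32-bit tag for both SHA-1 and SHA-256. The function names, the "constructed-input-N" messages and the bit widths are assumptions chosen for the demonstration; the 64-bit figure is the width discussed in the thread.

```python
import hashlib
import math
from typing import Dict, Optional, Tuple


def truncated_tag(data: bytes, hash_name: str, nbits: int) -> int:
    """Hash `data` with the named hashlib algorithm and keep only the
    leading `nbits` bits of the digest (a truncated tag, as in the thread)."""
    digest = hashlib.new(hash_name, data).digest()
    return int.from_bytes(digest, "big") >> (len(digest) * 8 - nbits)


def birthday_bound(nbits: int) -> float:
    """Expected number of uniformly random inputs hashed before the first
    collision on an n-bit tag: sqrt(pi/2 * 2^n). This depends only on the
    tag width, not on the hash function that produced it."""
    return math.sqrt(math.pi / 2 * 2.0 ** nbits)


def find_collision(hash_name: str, nbits: int, limit: int) -> Optional[Tuple[int, bytes, bytes]]:
    """Hash a counter-derived sequence of distinct inputs until two of them
    share the same truncated tag. Returns (hashes computed, input_a, input_b)
    or None if `limit` inputs were tried without a collision."""
    seen: Dict[int, bytes] = {}
    for i in range(limit):
        # Constructed sample inputs; any distinct byte strings would do.
        msg = b"constructed-input-%d" % i
        tag = truncated_tag(msg, hash_name, nbits)
        if tag in seen:
            return i + 1, seen[tag], msg
        seen[tag] = msg
    return None


def main() -> None:
    # The width under discussion: ~5.4e9 hashes expected before a collision.
    print("64-bit tag: expected hashes to first collision ~ %.3g" % birthday_bound(64))
    # Scaled down to 32 bits so the experiment finishes in seconds.
    print("32-bit tag: expected hashes to first collision ~ %.3g" % birthday_bound(32))
    for algo in ("sha1", "sha256"):
        result = find_collision(algo, 32, 1 << 20)
        if result is None:
            print("%s: no collision within the limit" % algo)
            continue
        n, a, b = result
        print("%s/32: collision after %d hashes: %r and %r" % (algo, n, a, b))


if __name__ == "__main__":
    main()
```

Running it shows both SHA-1 and SHA-256 colliding on the 32-bit tag after on the order of 10^5 inputs, close to the computed expectation; the lesson is that the hash choice matters for the 64-bit tag's size budget and cleanliness, as the thread says, but not for its collision resistance, which the truncation already fixes at about 2^32 work.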