[babel] rather than ripemd160...

Dave Taht <dave.taht@gmail.com> Mon, 26 November 2018 12:43 UTC

Return-Path: <dave.taht@gmail.com>
X-Original-To: babel@ietfa.amsl.com
Delivered-To: babel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5C6E8126CC7 for <babel@ietfa.amsl.com>; Mon, 26 Nov 2018 04:43:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.877
X-Spam-Level:
X-Spam-Status: No, score=-0.877 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URI_HEX=1.122] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gBRyqtWM--bN for <babel@ietfa.amsl.com>; Mon, 26 Nov 2018 04:43:47 -0800 (PST)
Received: from mail-qt1-x82a.google.com (mail-qt1-x82a.google.com [IPv6:2607:f8b0:4864:20::82a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A8F6A12D4EA for <babel@ietf.org>; Mon, 26 Nov 2018 04:43:47 -0800 (PST)
Received: by mail-qt1-x82a.google.com with SMTP id p17so17276313qtl.5 for <babel@ietf.org>; Mon, 26 Nov 2018 04:43:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to :content-transfer-encoding; bh=jti0zm07ZBdSZ4EzqOL/k3n1/qx0+GHZ7qN7UkI2P0U=; b=cXrf3cgWRxH4Q0ZvJLokx0Np/r3g5DpEy4Wv3okUEeD0PLuWb/n+TCiPnaC+h7Amp8 VUPbkNRhpuz0Z/vN9Bp7V6aCfcrXaM+e0crYZ5PcNt7PobuoJBa0SXSD2ECxSHZk0QoV xGrubCDrUKGkdN1fpq+sdL+0e7OMi4FeWHjnpamImOdOTH4vmvdSXCvz/uyzcu43cWmK 2D5U32r4Py3F2sv1mE2RPckQzPqr+/5qRwgv4jDeoyv0GUTJq/T0QLj28bxbiY/yw65/ PoWHZEvTidxafmqrslqRyRBns3ozAXNXKlxSmoG2CdOXwJ05VLtHwv5LU4lf1mL9Q3Lr D2lw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to :content-transfer-encoding; bh=jti0zm07ZBdSZ4EzqOL/k3n1/qx0+GHZ7qN7UkI2P0U=; b=KU+/Ur8VX0xjTvbGpEa9k7ReDcmkuQ0pGOOebV24n/bDEZoa15KiBj6lfo9kb9EQh/ FdQVV9Cmm3RJcDZAxh0dkQvP0ZWtraIniAc4J4hXaBRoLQIzLCBG3kJ8xchLfWoa6Jp6 pDPjqeBF2BZGLj+Ex2YkGfa+EMvvRQOAUmxWlzrUCeqCKXw8/0p9a/2YHiTH8G5Ew/Cs iLXY0TJ21wa4yw3rRXOHvJNeQ5lHu7l8tBMUiUDMp7pvR03lPr86u44r6T+jP1X4RoU/ Qe7MWXsL79pvJ74EEY8vp/w5qVvXa8fS1ptMRcxjG5WeJsTCvIoJwhdJMn9cURhy9m70 AHRw==
X-Gm-Message-State: AGRZ1gIg8dPrS8MToiLRXZDToxFko/S9nFmse9e3eXbniVa2s1N18Cpm xXc1Wd9tZOKNqJFkkjdlKiUBIJ6WSy4tQQPxbKB80uf1
X-Google-Smtp-Source: AJdET5dP+EMD5ix9pXF++9Ru/1wF+IsW80TEmZ3Va83aZ+OxJqkmxWjxoLAjU53nRZLJBuG6Ijap5xZdPn3BPMbbeeM=
X-Received: by 2002:ac8:3065:: with SMTP id g34mr26265208qte.136.1543236226608; Mon, 26 Nov 2018 04:43:46 -0800 (PST)
MIME-Version: 1.0
From: Dave Taht <dave.taht@gmail.com>
Date: Mon, 26 Nov 2018 04:43:34 -0800
Message-ID: <CAA93jw5fHRm21yEJsabiiOF1ZP7Zh3M_gEgRo0imBOpRGhf0qA@mail.gmail.com>
To: babel-users <babel-users@lists.alioth.debian.org>, Babel at IETF <babel@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/hDdSmYNWYn7SRez7AmmNynCdwOs>
Subject: [babel] rather than ripemd160...
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Nov 2018 12:43:49 -0000

I have been fiddling with the hmac-challenge branch and deeply unhappy
at the prospect of how much cpu this may end up consuming on the cheap
MIPs routers common today (which are, admittedly, rapidly being
replaced by cheap ARM ones).  (let's not talk about dtls)

Anyway, the default hash function is sha256 in the hmac-challenge
branch. I approve, there's hardware support for it, and if someone
breaks it, civilization collapses, so an alternate hmac is a "good to
have", and what's in that branch... is ripemd160.

Both blake and siphash seem like a superior choice for an alternate
hmac function to ripemd160. In particular blake is subject of its own
RFC, and comes in several clean highly optimized versions for x86 and
arm architectures.

https://blake2.net/ -


https://www.131002.net/siphash/siphash.pdf ?


-- 

Dave Täht
CTO, TekLibre, LLC
http://www.teklibre.com
Tel: 1-831-205-9740