svn commit: r239569 - head/etc/rc.d
David O'Brien
obrien at FreeBSD.org
Thu Sep 6 18:28:17 UTC 2012
On Thu, Sep 06, 2012 at 07:42:49PM +0200, Dag-Erling Smrgrav wrote:
> David O'Brien <obrien at FreeBSD.org> writes:
> > RW <rwmaillists at googlemail.com> writes:
> > > IMO the order should be reversed or the low-grade stuff should be
> > > piped through sha256.
> > We considered that. Arthur wanted to do it sooner, but I'm concerned
> > about impact of multiple sha256 invocations on a large amount of data
> > on low-end MIPS.
>
> Is there a reason to choose sha256 over a weaker, faster hash?
I see Arthur,
But still wanted to give my own longer responce.
Using a weaker hash could reduce the amount of entropy in the output
(due to collisions).
The Yarrow paper makes this argument (but willing to potentially loose
some entropy) in 5 'The Generic Yarrow Design an Yarrow-160'
The reason is if you take an 'm' bit random value and apply a hash
function that produces 'm' bits of output, the result has less than
'm' bits of entropy due to the collisions that occur. This is a very
minor effect, and overall results in the loss of at most a few bits
of entropy.
For a good entropy input I likely agree with you.
But for the poor-grade entropy input I don't think we want to
prematurely loose any of it.
But I have not fully thought thru potential loss of entropy in a hash
of a hash [where entropy was or wasn't lost].
--
-- David (obrien at FreeBSD.org)
More information about the freebsd-security
mailing list