I'm not familiar with the kernel RNG specifically, but I think the hash function... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		oconnor663 on Dec 31, 2021 \| parent \| context \| favorite \| on: Linux Kernel RNG is now Blake2 instead of SHA1 and... I'm not familiar with the kernel RNG specifically, but I think the hash function is only used with small inputs and outputs, and it's the stream cipher (ChaCha) that has the more performance-sensitive job of generating lots of output bytes. So the performance differences between BLAKE2s and BLAKE3 probably aren't very important here, and the fact that a BLAKE2s implementation is already in the kernel makes this an easy change.

loeg on Dec 31, 2021 [–]

That makes sense, thanks. I wonder if it might make sense to use a reduced-round Chacha for generation. Aumasson calls for 8 rounds; I think Rust’s CSPRNG uses 12.

Consider applying for YC's Summer 2026 batch! Applications are open till May 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact