On Tue, Feb 20, 2007 at 12:03:04PM -0800, Michael K. Edwards ([EMAIL
PROTECTED]) wrote:
> >I just shown a problem in jenkins hash - it is not how to find a
> >differnet input for the same output - it is a _law_ which allows to
> >break a hash. You will add some constant, and that law will be turned
> >into something different (getting into account what was written, it will
> >end up with the same law).
>
> Correct. That's called a "weak hash", and Jenkins is known to be a
> thoroughly weak hash. That's why you never, ever use it without a
> salt, and you don't let an attacker inspect the hash output either.
Again, where will be your salt?
I'm going to show you that having constant xor on fairly distributed
system will not change distribution as long as bad one.
> >Using jenkins hash is equal to the situation, when part of you hash
> >chains will be 5 times longer than median square value, with XOR one
> >there is no such distribution.
>
> Show us the numbers. Salt properly this time to reduce the artifacts
> that come of applying a weak hash to a poor PRNG, and histogram your
> results. If you don't get a Poisson distribution you probably don't
> know how to use gnuplot either. :-)
I shown that numbers 4 times already, do you read mails and links?
Did you see an artifact Eric showed with his data?
> >Added somthing into permutations will not endup in different
> >distribution, since it is permutations which are broken, not its result
> >(which can be xored with something).
>
> I can't parse this. Care to try again?
Whre are you going to add a salt into jenkins hash to fix its
distribution?
In other words - jenkins hash is equal to simple shift - it is a hash
too, and it has bad distribution too, where will added salt ever help in
that scenario?
> Cheers,
> - Michael
--
Evgeniy Polyakov
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
