Certainly if it's used on externally presented data it's a worthwhile change, but AFAIK that isn't the case.
Peter
-----"openssl-dev" <openssl-dev-boun...@openssl.org> wrote: -----
To: openssl-dev@openssl.org
From: Jeremy Farrell
Sent by: "openssl-dev"
Date: 01/12/2017 11:17AM
Subject: Re: [openssl-dev] [EXTERNAL] Re: use SIPhash for OPENSSL_LH_strhash?
For something like SipHash, knowing "whichever algo the server uses" effectively implies knowing the 128-bit random key currently being used for the hash table in question.
Regards,
jjf
From: Jeremy Farrell
Sent by: "openssl-dev"
Date: 01/12/2017 11:17AM
Subject: Re: [openssl-dev] [EXTERNAL] Re: use SIPhash for OPENSSL_LH_strhash?
For something like SipHash, knowing "whichever algo the server uses" effectively implies knowing the 128-bit random key currently being used for the hash table in question.
Regards,
jjf
On 12/01/2017 00:39, Sands, Daniel
wrote:
With a small number of buckets, it seems to me that no hash algo will
make you safe from a flooding attack. You can simply generate your
hashes locally using whichever algo the server uses, and only send those
that fit into your attack scheme. The data could even be pre-generated.
The only way to guard against a flood that makes sense to me is to limit
the number of items that can be accepted before deciding you're being
trolled.
On Wed, 2017-01-11 at 23:29 +0000, J. J. Farrell wrote:Are the issues you raise true of SipHash, given that a prime motivator
for its design was generating hash tables for short inputs while being
secure against hash flooding attacks? It achieves this with the
performance of a portable C implementation the order of four times
faster than MD5, and not much slower than other modern hash
algorithms.
I'd have thought the main thing to consider is whether or not there is
any practical way a hash flooding attack could be used against
OpenSSL's hash tables, and it sounds like there isn't. In that case,
the fastest algorithm for the usage patterns would be best.
Regards,
jjf
On 11/01/2017 22:25, Peter Waltenberg wrote:And the reason I said you certainly don't need a keyed hash ?
Behaviour of the hash function will change with key and in some
cases performance would degenerate to that of a linked list. (Ouch).
And since the obvious thing to do is use a random key, OpenSSL's
performance would get *very* erratic.
Simpler functions than cryptographic hashes will almost certainly
yield better results here. I note someone further up the thread
someone else has pointed that out.
Peter
From: "Salz, Rich" <rs...@akamai.com>
To: "openssl-dev@openssl.org" <openssl-dev@openssl.org>
Date: 11/01/2017 13:14
Subject: Re: [openssl-dev] use SIPhash for
OPENSSL_LH_strhash?
Sent by: "openssl-dev" <openssl-dev-boun...@openssl.org>
____________________________________________________________________
The needs for OpenSSL's LHASH are exactly what SipHash was designed
for: fast on short strings.
OpenSSL's hash currently *does not* call MD5 or SHA1; the MD5 code
is commented out.
Yes, performance tests would greatly inform the decision.--
J. J. Farrell
Not speaking for Oracle
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
--
J. J. Farrell
w: +44 161 493 4838
J. J. Farrell
w: +44 161 493 4838
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
