Rust is using SipHash for std::hash (I believe?). This is a great conservative choice that mitigates hashDoS.
However, it'd be nice if there were a faster option which still prevented an attacker from colliding parameters, right? There is! It's called universal hashing: http://en.wikipedia.org/wiki/Universal_hashing Universal hashing provides families of hash functions that are hard to collide, even when the attacker is choosing the parameters at will as part of an adaptive attack. The implementation is compact, fast, and relies only on some parameters which can be chosen at application startup. In the wild universal hashing is used for things like UMAC: http://en.wikipedia.org/wiki/UMAC -- Tony Arcieri
_______________________________________________ Rust-dev mailing list [email protected] https://mail.mozilla.org/listinfo/rust-dev
