On Sat, Dec 06, 2014 at 20:15, Max Fillinger wrote:
> To pass the time until siphash arrives in userland...
>
> I'd like to suggest some changes to the manpage of SipHash24(9):
> I added some more details about the intended purpose of SipHash and I
> moved the recommendation to use arc4random for the key to the beginning.
>
> In case you don't like this diff, I'd like to point out a grammar error
> in the original manpage: You mitigate sth., not *against* sth.
>
> One question: Since e.g. the manpage of MD5 lists the RFC that defines
> MD5, would it make sense to refer to the paper that defines SipHash?

Actually, I think the man page should simply recommend generating the key with arc4random_buf. No If. References to papers are welcome as well. > > Index: share/man/man9/SipHash24.9 > =================================================================== > RCS file: /cvs/src/share/man/man9/SipHash24.9,v > retrieving revision 1.3 > diff -u -p -r1.3 SipHash24.9 > --- share/man/man9/SipHash24.9 5 Nov 2014 07:01:49 -0000 1.3 > +++ share/man/man9/SipHash24.9 6 Dec 2014 19:10:49 -0000 > @@ -42,6 +42,12 @@ inputs which produces a 64-bit digest of > The SipHash24 functions implement the algorithm with 2 compression > rounds and 4 finalisation rounds. > .Pp > +SipHash is well-suited for hash tables because of its good > +performance on short inputs and because it provides resistance to > +hash-flooding denial-of-service attacks. > +If such attacks are a concern, the key should be generated using > +.Xr arc4random_buf 9 . > +.Pp > .Fn SipHash24_Init > initialises a > .Vt SIPHASH_CTX > @@ -87,11 +93,6 @@ of length > with the secret > .Fa key . > -.Pp > -If SipHash is being used to mitigate against hash-table flooding > -attacks, it is recommended that the > -.Vt SIPHASH_KEY > -key be generated with > -.Xr arc4random_buf 9 . > .Sh CONTEXT > .Fn SipHash24_Init , > .Fn SipHash24_Update ,
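Review bot: In the first hunk (@@ -42,6 +42,12 @@), the added sentence "If such attacks are a concern, the key should be generated using .Xr arc4random_buf 9 ." leaves the key advice conditional, so a reader can conclude that a fixed or predictable key is acceptable. The flooding resistance claimed in the sentence before it depends on the key being secret, which the page already implies with "with the secret .Fa key". Suggest dropping the condition and stating the recommendation outright, for example "The key should be generated using .Xr arc4random_buf 9 .", which is also what the reply asks for.
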
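Review bot: The paragraph removed in the second hunk (@@ -87,11 +93,6 @@) named the object to fill, ".Vt SIPHASH_KEY", while the replacement text in the first hunk says only "the key". Carry the ".Vt SIPHASH_KEY" markup over into the new sentence so the moved recommendation still tells the reader which type arc4random_buf should fill.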
