Are the issues you raise true of SipHash, given that a prime motivator
for its design was generating hash tables for short inputs while being
secure against hash flooding attacks? It achieves this with the
performance of a portable C implementation the order of four times
faster than MD5, and not much slower than other modern hash algorithms.
I'd have thought the main thing to consider is whether or not there is
any practical way a hash flooding attack could be used against OpenSSL's
hash tables, and it sounds like there isn't. In that case, the fastest
algorithm for the usage patterns would be best.
Regards,
jjf
On 11/01/2017 22:25, Peter Waltenberg wrote:
And the reason I said you certainly don't need a keyed hash ?
Behaviour of the hash function will change with key and in some cases
performance would degenerate to that of a linked list. (Ouch). And
since the obvious thing to do is use a random key, OpenSSL's
performance would get *very* erratic.
Simpler functions than cryptographic hashes will almost certainly
yield better results here. I note someone further up the thread
someone else has pointed that out.
Peter
From: "Salz, Rich" <rs...@akamai.com>
To: "openssl-dev@openssl.org" <openssl-dev@openssl.org>
Date: 11/01/2017 13:14
Subject: Re: [openssl-dev] use SIPhash for OPENSSL_LH_strhash?
Sent by: "openssl-dev" <openssl-dev-boun...@openssl.org>
------------------------------------------------------------------------
The needs for OpenSSL's LHASH are exactly what SipHash was designed
for: fast on short strings.
OpenSSL's hash currently *does not* call MD5 or SHA1; the MD5 code is
commented out.
Yes, performance tests would greatly inform the decision.
--
J. J. Farrell
Not speaking for Oracle
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev