On Wednesday, 11 January 2017 18:09:04 CET Sands, Daniel wrote:
> Just a note from my own experience way back when: I tried hashing using
> various algos and measuring bucket use as the main comparison criteria.
> I found that the crypto hashes left a fair number of unused buckets.
I can
.orgFrom: Jeremy Farrell <jeremy.farr...@oracle.com>Sent by: "openssl-dev" <openssl-dev-boun...@openssl.org>Date: 01/12/2017 11:17AMSubject: Re: [openssl-dev] [EXTERNAL] Re: use SIPhash for OPENSSL_LH_strhash?
For something like SipHash, knowing "whichever
For something like SipHash, knowing "whichever algo the server uses"
effectively implies knowing the 128-bit random key currently being used
for the hash table in question.
Regards,
jjf
On 12/01/2017 00:39, Sands, Daniel wrote:
With a small number of buckets, it
With a small number of buckets, it seems to me that no hash algo will
make you safe from a flooding attack. You can simply generate your
hashes locally using whichever algo the server uses, and only send those
that fit into your attack scheme. The data could even be pre-generated.
The only way
Just a note from my own experience way back when: I tried hashing using
various algos and measuring bucket use as the main comparison criteria.
I found that the crypto hashes left a fair number of unused buckets. Of
course, CRCs were far worse. What gave the most normal distribution was
to