Re: [openssl-dev] [EXTERNAL] Re: use SIPhash for OPENSSL_LH_strhash?

Yes, but. LHash hashes internal object names not externally presented input.Certainly if it's used on externally presented data it's a worthwhile change, but AFAIK that isn't the case.Peter-"openssl-dev" wrote: -To: openssl-dev@openssl.orgFrom: Jeremy

Re: [openssl-dev] use SIPhash for OPENSSL_LH_strhash?

It pretty much has to be true of any keyed hash if you think about it. If it didn't distribute the hashes differently each time it wouldn't be working, if it distributes the hashes differently, performance has to be key dependent. And with a hash size the same as the key, at least one of the

Re: [openssl-dev] wiki update for enc command

That whole “Manual:” thing on the wiki should probably go away and just refer to the website which gets updated every time we change things. Can you open an issue for the manpage bug you found? Thanks! -- Senior Architect, Akamai Technologies Member, OpenSSL Dev Team IM: richs...@jabber.at

Re: [openssl-dev] use SIPhash for OPENSSL_LH_strhash?

> Is there really no use of LHASH tables in OpenSSL where an attacker > attempting a DoS attack can control the contents of the tables? The only use of LHASH is in SSL_SESSION and X509_NAME, which use their own hashing functions, and are only used after the session and/or certs have been

Re: [openssl-dev] use SIPhash for OPENSSL_LH_strhash?

A note: I have absolutely nothing against the addition of SIPhash in our collection of hash algos. My scepticism was only in regards to using it as a string hasher for our hash tables indexes. Cheers, Richard In message <20170111.153458.1623912899597806811.levi...@openssl.org> on Wed, 11 Jan

Re: [openssl-dev] wiki update for enc command

> Can you open an issue for the manpage bug you found? Yes, I will. -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] use SIPhash for OPENSSL_LH_strhash?

Can we look forward to a github PR? In message <97d0be2d-11c6-4d01-9a5d-faccc5b27...@akamai.com> on Tue, 10 Jan 2017 22:42:17 +, "Short, Todd" said: tshort> I think I might have an init/update/final version of siphash24 lying tshort> around somewhere that would be

[openssl-dev] wiki update for enc command

Hi, Looks like one of my previous mail (see below) was lost in the ‘cloud’ ;-) Might be helpfull to send it again here ? Regards, Michel De : Michel [mailto:michel.sa...@free.fr] Envoyé : samedi 19 novembre 2016 14:16 À : 'wiki-supp...@openssl.org' Objet : wiki update HI,

Re: [openssl-dev] use SIPhash for OPENSSL_LH_strhash?

In message <1e19cdfea8224717b3eee11e2d8ac...@usma1ex-dag1mb1.msg.corp.akamai.com> on Wed, 11 Jan 2017 03:13:39 +, "Salz, Rich" said: rsalz> The needs for OpenSSL's LHASH are exactly what SipHash was designed for: fast on short strings. rsalz> OpenSSL's hash currently

Re: [openssl-dev] use SIPhash for OPENSSL_LH_strhash?

I’d be doing it in a manner similar to Poly1305, since that’s a fresh memory… it shouldn’t take long. -- -Todd Short // tsh...@akamai.com // "One if by land, two if by sea, three if by the Internet." On Jan 11, 2017, at 9:44 AM, Richard Levitte

Re: [openssl-dev] [EXTERNAL] Re: use SIPhash for OPENSSL_LH_strhash?

Just a note from my own experience way back when: I tried hashing using various algos and measuring bucket use as the main comparison criteria. I found that the crypto hashes left a fair number of unused buckets. Of course, CRCs were far worse. What gave the most normal distribution was to

Re: [openssl-dev] use SIPhash for OPENSSL_LH_strhash?

In message <001901d26bed$d3746ed0$7a5d4c70$@sa...@free.fr> on Wed, 11 Jan 2017 10:33:53 +0100, "Michel" said: michel.sales> And what about using FNV or CityHash ? michel.sales> michel.sales> https://en.wikipedia.org/wiki/Fowler%E2%80%93Noll%E2%80%93Vo_hash_function I'm

[openssl-dev] Build fail when configured using no-nextprotoneg

Can we assume it is temporary due to "the process of transitioning from NPN to ALPN" mentioned in ssl_locl.h ? Regards, Michel. cl /I "." /I "include" -DDSO_WIN32 -DOPENSSL_THREADS -DOPENSSL_NO_DYNAM IC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSS

Re: [openssl-dev] use SIPhash for OPENSSL_LH_strhash?

On Wed, 2017-01-11 at 03:13 +, Salz, Rich wrote: > The needs for OpenSSL's LHASH are exactly what SipHash was designed > for: fast on short strings. > OpenSSL's hash currently *does not* call MD5 or SHA1; the MD5 code is > commented out. > Yes, performance tests would greatly inform the

Re: [openssl-dev] use SIPhash for OPENSSL_LH_strhash?

And what about using FNV or CityHash ? https://en.wikipedia.org/wiki/Fowler%E2%80%93Noll%E2%80%93Vo_hash_function https://en.wikipedia.org/wiki/CityHash -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] Build fail when configured using no-nextprotoneg

On 11/01/17 08:58, Michel wrote: > Can we assume it is temporary due to “the process of transitioning from > NPN to ALPN” mentioned in ssl_locl.h ? Its a bug: https://github.com/openssl/openssl/pull/2212 Matt -- openssl-dev mailing list To unsubscribe:

Re: [openssl-dev] use SIPhash for OPENSSL_LH_strhash?

And the reason I said you certainly don't need a keyed hash ? Behaviour of the hash function will change with key and in some cases performance would degenerate to that of a linked list. (Ouch). And since the obvious thing to do is use a random key, OpenSSL's performance would get *very*

Re: [openssl-dev] use SIPhash for OPENSSL_LH_strhash?

Are the issues you raise true of SipHash, given that a prime motivator for its design was generating hash tables for short inputs while being secure against hash flooding attacks? It achieves this with the performance of a portable C implementation the order of four times faster than MD5, and

Re: [openssl-dev] [EXTERNAL] Re: use SIPhash for OPENSSL_LH_strhash?

With a small number of buckets, it seems to me that no hash algo will make you safe from a flooding attack. You can simply generate your hashes locally using whichever algo the server uses, and only send those that fit into your attack scheme. The data could even be pre-generated. The only way

Re: [openssl-dev] [EXTERNAL] Re: use SIPhash for OPENSSL_LH_strhash?

For something like SipHash, knowing "whichever algo the server uses" effectively implies knowing the 128-bit random key currently being used for the hash table in question. Regards, jjf On 12/01/2017 00:39, Sands, Daniel wrote: With a small number of buckets, it