So I got to chat with the author of SipHash tonight (Jean-Philippe Aumasson). He said based on the analysis he did with Dan Bernstein that universal hashing isn't sufficient to prevent hashDoS-like attacks, and you need a real cryptographic PRF like SipHash.
tl;dr: never mind, carry on

On Wednesday, February 26, 2014, Tony Arcieri <[email protected]> wrote:

> Rust is using SipHash for std::hash (I believe?). This is a great
> conservative choice that mitigates hashDoS.
>
> However, it'd be nice if there were a faster option which still prevented
> an attacker from colliding parameters, right? There is! It's called
> universal hashing:
>
> http://en.wikipedia.org/wiki/Universal_hashing
>
> Universal hashing provides families of hash functions that are hard to
> collide, even when the attacker is choosing the parameters at will as part
> of an adaptive attack. The implementation is compact, fast, and relies only
> on some parameters which can be chosen at application startup. In the wild
> universal hashing is used for things like UMAC:
>
> http://en.wikipedia.org/wiki/UMAC
>
> --
> Tony Arcieri
>

--
Tony Arcieri
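As an added illustration (not code from this thread or from Rust's std), here is the kind of universal hash family the quoted message describes, a Carter-Wegman multiply-add-mod-prime family with its parameters drawn once at startup, plus an empirical check of the 1/m pairwise collision bound. The xorshift seed and the key set are constructed for reproducibility; the bound only covers keys fixed before (a, b) were drawn, which is the gap the first paragraph says a keyed PRF such as SipHash closes.

```rust
// Added example: Carter-Wegman universal hash family
// h_{a,b}(x) = ((a*x + b) mod p) mod m, p = 2^61 - 1 (Mersenne prime). For any
// fixed x != y, Pr[h(x) == h(y)] <= ~1/m over the random (a, b); nothing is
// promised once an adversary can pick keys after observing hash outputs.
const P: u128 = (1u128 << 61) - 1;

/// xorshift64 so the run is reproducible from a constructed seed; a real
/// deployment would draw (a, b) from OS randomness once at startup.
pub struct XorShift64(u64);
impl XorShift64 {
    pub fn new(seed: u64) -> Self { XorShift64(seed.max(1)) }
    pub fn next_u64(&mut self) -> u64 {
        let mut x = self.0;
        x ^= x << 13; x ^= x >> 7; x ^= x << 17;
        self.0 = x;
        x
    }
}

pub struct UniversalHash { a: u64, b: u64, buckets: u64 }
impl UniversalHash {
    /// Draw a in 1..p and b in 0..p once; these are the startup parameters.
    pub fn new(buckets: u64, rng: &mut XorShift64) -> Self {
        let a = 1 + rng.next_u64() % (P as u64 - 1);
        let b = rng.next_u64() % P as u64;
        UniversalHash { a, b, buckets }
    }
    pub fn hash(&self, x: u64) -> u64 {
        // a < 2^61 and x < 2^64, so a*x + b fits comfortably in u128.
        let v = (self.a as u128 * x as u128 + self.b as u128) % P;
        (v % self.buckets as u128) as u64
    }
}

/// Empirical pairwise collision rate over distinct `keys`, re-drawing (a, b)
/// `trials` times; it should land near 1/buckets.
pub fn collision_rate(keys: &[u64], buckets: u64, trials: u32, rng: &mut XorShift64) -> f64 {
    let (mut pairs, mut collisions) = (0u64, 0u64);
    for _ in 0..trials {
        let h = UniversalHash::new(buckets, rng);
        for i in 0..keys.len() {
            for j in i + 1..keys.len() {
                pairs += 1;
                if h.hash(keys[i]) == h.hash(keys[j]) { collisions += 1; }
            }
        }
    }
    collisions as f64 / pairs as f64
}
```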
_______________________________________________
Rust-dev mailing list
[email protected]
https://mail.mozilla.org/listinfo/rust-dev
