https://gcc.gnu.org/bugzilla/show_bug.cgi?id=55815
Geoff Pike <gpike at google dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |gpike at google dot com
--- Comment #4 from Geoff Pike <gpike at google dot com> ---
I'm working on a higher-difficulty-higher-payoff approach to hash-flood
mitigation. It admittedly has a long way to go, but for those interested, an
early draft is https://gcc.gnu.org/ml/gcc-patches/2015-09/txtLiT8K2xyw4.txt
With chaining hashtables (and perhaps others), there continues to be a hash
flooding problem no matter how good the hash function: there's a timing attack
that can force the attackee to do some constant times n^1.5 computational steps
for n steps by the attacker. Whether this attack matters in real life is
unclear to me, but I believe it is a realistic threat. By using a smarter data
structure one can avoid the n^1.5 worst case, and also use a fast hash function
when, happily, no hash flooding attack is in progress.
Meanwhile, is SipHash useful? Maybe. It is slow, so perhaps a more modern
competitor could be constructed, if one doesn't exist. On machines with fast
multiplication (and/or CRC, pshufb, SIMD, ...), one is likely better off using
those features, and SipHash does not get enough out of those features to be
speedy.
