On 16/10/2024 18:07, Stephen Hemminger wrote:
On Wed, 16 Oct 2024 16:48:12 +0100
"Medvedkin, Vladimir"<vladimir.medved...@intel.com> wrote:
Hi Stephen,
Thanks for introducing this hash function.
I have just a few nits:
On 01/08/2024 16:31, Stephen Hemminger wrote:
The existing hash functions in DPDK are not cryptographically
secure and can be subject to carefully crafted packets causing
DoS attack.
Currently in DPDK we have 3 hash functions, 2 of them can be used with
our cuckoo hash table implementation:
1. CRC - Very weak, do not use with hash table if you don't fully
control all keys to install into a hash table.
2. Toeplitz - keyed hash function, not used with hash tables, fastest if
you have GFNI, level of diffusion fully depends on the hash key, weak
against differential crypto analysis. Technically may be used with hash
tables in number of usecases.
3. Jenkins hash (lookup3) - and here I can not say that it is not secure
and it is subject to collisions. I'm not aware on any successful attacks
on it, it has a great diffusion (seehttps://doi.org/10.1002/spe.2179).
It is also keyed with the same size of the key as rte_hsiphash().
So I won't agree with this sentence.
I am not a crypto or hash expert. This text is based on the statements
by the original author of siphash who does have such expertise.
See the wikipedia page:https://en.wikipedia.org/wiki/SipHash
and the original paper:
https://web.archive.org/web/20170327151630/https://131002.net/siphash/siphash.pdf
The problem is that Jenkins and Toeplitz
"were designed to have a close-to-uniform distribution, not to
meet any particular cryptographic goals"
The original paper link isn't working, for review I used this:
https://www.aumasson.jp/siphash/siphash.pdf
Let me quote a bit more form this WP:
"Recent hash-table proposals such as Google’s CityHash [18] and Jenkins’
SpookyHash [21] provide very fast hashing of short strings, but these
functions were designed to have a close-to-uniform distribution, not to
meet any particular cryptographic goals. For example, collisions were
found in an initial version of CityHash128 [22], and the current version
is vulnerable to a practical key-recovery attack when 64-bit keys are used."
I haven't found anything about the lookup3 hash function, which is
different from the SpookyHash hash function implemented by Bob Jenkins.
IunderstandthatSipHashhasgoodcryptographicqualityandcanbeusedforMAC,buthereweare
talkingaboutNCHFthatare usedforhashtables,andinthiscasea
gooduniformdistributionof hashvaluesis veryimportant. Siphash has this
property, as does lookup3.
P.S. Regarding above mentioned collisions in CityHash128 - it seem the
problem was solved in 2015
--
Regards,
Vladimir
