Paul Hoffman <paul.hoff...@vpnc.org> wrote:

> For this type of system, you want a hash or checksum function where
> finding collisions takes more than N attempts, and all of those attempts
> must be based on random guessing, not on some structure of the messages.
> N can be calibrated by the value of an attacker fooling you and the
> amount of time they have to create the collision. N=2^64 is probably
> sufficient for this attack because we still don't have a way to do 2^64
> guesses in a reasonable amount of time, and SHA-1 is still probably
> within that boundary. However, FNV (a non-cryptographic hash) has the
> same amount of collision protection but runs much faster.

FNV can be broken by a remote attacker - there are side-channel attacks
which leak hash randomization secrets. Python switched from FNV to
SipHash, which is about the same speed but a lot stronger.

Tony.
-- 
f.anthony.n.finch <d...@dotat.at> http://dotat.at/
Viking, North Utsire: Easterly 4 or 5, increasing 6 at times. Slight or
moderate, but rough in southwest Viking. Showers later. Good, occasionally
poor later.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
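An added example, not part of Tony Finch's message or of the DNSOP thread, that shows the structural point behind "FNV can be broken": every FNV-1a step is invertible, so once a single hash value leaks (by whatever side channel; here the attacker is simply handed it) the seed falls out algebraically and the attacker can precompute a hash-flooding key set for the victim's table. The "seeded FNV" scheme below (seed replaces the offset basis) is a hypothetical stand-in, not any particular runtime's former implementation; the SipHash-2-4 routine is implemented from the spec and checked against its published test vectors. Table size, key lengths and the constructed keys are illustrative choices.

```python
"""Added example: seeded FNV-1a leaks its seed from one output; SipHash-2-4 is a keyed PRF."""
import secrets

M64 = (1 << 64) - 1
TABLE_BITS = 10                      # toy victim: a 1024-bucket hash table
FNV_PRIME = 0x100000001B3
FNV_OFFSET = 0xCBF29CE484222325
FNV_PRIME_INV = pow(FNV_PRIME, -1, 1 << 64)   # the prime is odd, so it is invertible mod 2^64


def fnv1a64(data: bytes, seed: int = FNV_OFFSET) -> int:
    """FNV-1a, 64-bit.  With the default seed this is plain FNV-1a; with a secret
    seed it is the hypothetical 'randomized FNV' this example attacks (assumption:
    the seed simply replaces the offset basis)."""
    h = seed
    for b in data:
        h = ((h ^ b) * FNV_PRIME) & M64
    return h


def recover_fnv_seed(data: bytes, digest: int) -> int:
    """Each step (xor a byte, multiply by an odd prime) is a bijection on 64-bit
    words, so one known (input, hash) pair runs backwards to the seed.  No
    guessing is involved: this is structure, not a 2^64 search."""
    h = digest
    for b in reversed(data):
        h = ((h * FNV_PRIME_INV) & M64) ^ b
    return h


def _rotl(x: int, b: int) -> int:
    return ((x << b) | (x >> (64 - b))) & M64


def siphash24(key: bytes, msg: bytes) -> int:
    """SipHash-2-4 (Aumasson/Bernstein): 128-bit key, 64-bit output."""
    assert len(key) == 16
    k0 = int.from_bytes(key[:8], "little")
    k1 = int.from_bytes(key[8:], "little")
    v = [k0 ^ 0x736F6D6570736575, k1 ^ 0x646F72616E646F6D,
         k0 ^ 0x6C7967656E657261, k1 ^ 0x7465646279746573]

    def sipround() -> None:
        v[0] = (v[0] + v[1]) & M64; v[1] = _rotl(v[1], 13); v[1] ^= v[0]; v[0] = _rotl(v[0], 32)
        v[2] = (v[2] + v[3]) & M64; v[3] = _rotl(v[3], 16); v[3] ^= v[2]
        v[0] = (v[0] + v[3]) & M64; v[3] = _rotl(v[3], 21); v[3] ^= v[0]
        v[2] = (v[2] + v[1]) & M64; v[1] = _rotl(v[1], 17); v[1] ^= v[2]; v[2] = _rotl(v[2], 32)

    n = len(msg)
    full = n - (n % 8)
    blocks = [msg[i:i + 8] for i in range(0, full, 8)]
    # final block: remaining bytes, zero padding, and the message length mod 256 in the top byte
    blocks.append(msg[full:] + b"\x00" * (7 - n % 8) + bytes([n & 0xFF]))
    for block in blocks:
        m = int.from_bytes(block, "little")
        v[3] ^= m
        sipround(); sipround()          # c = 2 compression rounds
        v[0] ^= m
    v[2] ^= 0xFF
    for _ in range(4):                  # d = 4 finalisation rounds
        sipround()
    return v[0] ^ v[1] ^ v[2] ^ v[3]


def bucket_collisions(hashfn, count: int) -> list[bytes]:
    """Offline search for `count` distinct random keys that share one table bucket
    under `hashfn`: the building block of a hash-flooding payload."""
    mask = (1 << TABLE_BITS) - 1
    buckets: dict[int, list[bytes]] = {}
    while True:
        k = secrets.token_hex(6).encode()        # constructed random key
        lst = buckets.setdefault(hashfn(k) & mask, [])
        if k not in lst:
            lst.append(k)
        if len(lst) >= count:
            return lst


def fnv_flood_from_one_leak(victim_seed: int, leaked_key: bytes) -> tuple[bool, bool]:
    """Attacker learns the victim's hash of ONE known key, recovers the seed, and
    precomputes colliding keys.  Returns (seed recovered?, all in one bucket?)."""
    leaked_hash = fnv1a64(leaked_key, victim_seed)      # stands in for the side channel
    guess = recover_fnv_seed(leaked_key, leaked_hash)
    keys = bucket_collisions(lambda k: fnv1a64(k, guess), 16)
    mask = (1 << TABLE_BITS) - 1
    one_bucket = len({fnv1a64(k, victim_seed) & mask for k in keys}) == 1
    return guess == victim_seed, one_bucket


def siphash_buckets_under_other_key(victim_key: bytes, attacker_key: bytes) -> int:
    """Collisions found under a guessed SipHash key scatter under the real one, and
    (unlike FNV) no known algebraic shortcut recovers the key from outputs."""
    keys = bucket_collisions(lambda k: siphash24(attacker_key, k), 16)
    mask = (1 << TABLE_BITS) - 1
    return len({siphash24(victim_key, k) & mask for k in keys})


if __name__ == "__main__":
    print("FNV seed recovered, flood lands:", fnv_flood_from_one_leak(0x0123456789ABCDEF, b"www.example.com"))
    print("SipHash: distinct victim buckets:", siphash_buckets_under_other_key(secrets.token_bytes(16), bytes(16)))
```

The FNV half is the whole argument in miniature: collision resistance that rests on a secret seed is only as good as the seed's secrecy, and FNV's structure hands the seed to anyone who sees a single output. SipHash makes that secret a real 128-bit key behind a PRF, which is why Tony's remark about Python's switch matters for any hash table keyed by attacker-controlled names.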