https://gcc.gnu.org/bugzilla/show_bug.cgi?id=55815
--- Comment #5 from felix-glibc at fefe dot de --- How about you add SipHash and make it selectable at runtime. Then I can file security bugs against all relevant programs not selecting it for being vulnerable and glibc has their ass covered regarding performance. I mean seriously, you argue performance for a security measure? Does Google turn off stack cookies in production? ACL checks? All this password checking is making our code slow? I sure hope not. Also: Do you have any actual benchmarks proving siphash would make a noticeable impact?
