From: Stephen Hemminger <stephen@networkplumber.org>
To: "Medvedkin, Vladimir" <vladimir.medvedkin@intel.com>
Cc: "dev@dpdk.org" <dev@dpdk.org>,
"Wang, Yipeng1" <Yipeng1.Wang@intel.com>,
"Gobriel, Sameh" <sameh.gobriel@intel.com>,
"Richardson, Bruce" <bruce.richardson@intel.com>
Subject: Re: [PATCH v6] lib/hash: add siphash
Date: Wed, 16 Oct 2024 10:07:10 -0700 [thread overview]
Message-ID: <20241016100710.131fcbf2@hermes.local> (raw)
In-Reply-To: <93e1fd04-5246-4ee6-bfeb-2d82091cff06@intel.com>
On Wed, 16 Oct 2024 16:48:12 +0100
"Medvedkin, Vladimir" <vladimir.medvedkin@intel.com> wrote:
> Hi Stephen,
>
> Thanks for introducing this hash function.
>
> I have just a few nits:
>
> On 01/08/2024 16:31, Stephen Hemminger wrote:
> > The existing hash functions in DPDK are not cryptographically
> > secure and can be subject to carefully crafted packets causing
> > DoS attack.
> Currently in DPDK we have 3 hash functions, 2 of them can be used with
> our cuckoo hash table implementation:
>
> 1. CRC - Very weak, do not use with hash table if you don't fully
> control all keys to install into a hash table.
>
> 2. Toeplitz - keyed hash function, not used with hash tables, fastest if
> you have GFNI, level of diffusion fully depends on the hash key, weak
> against differential crypto analysis. Technically may be used with hash
> tables in number of usecases.
>
> 3. Jenkins hash (lookup3) - and here I can not say that it is not secure
> and it is subject to collisions. I'm not aware on any successful attacks
> on it, it has a great diffusion (see https://doi.org/10.1002/spe.2179).
> It is also keyed with the same size of the key as rte_hsiphash().
>
> So I won't agree with this sentence.
I am not a crypto or hash expert. This text is based on the statements
by the original author of siphash who does have such expertise.
See the wikipedia page: https://en.wikipedia.org/wiki/SipHash
and the original paper:
https://web.archive.org/web/20170327151630/https://131002.net/siphash/siphash.pdf
The problem is that Jenkins and Toeplitz
"were designed to have a close-to-uniform distribution, not to
meet any particular cryptographic goals"
next prev parent reply other threads:[~2024-10-16 17:07 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-27 17:39 [PATCH] lib/hash: add SipHash function Stephen Hemminger
2024-02-27 19:14 ` [PATCH v2] lib/hash: add siphash Stephen Hemminger
2024-02-27 21:57 ` Mattias Rönnblom
2024-02-27 22:34 ` Stephen Hemminger
2024-02-29 0:32 ` [PATCH v3] " Stephen Hemminger
2024-05-29 15:47 ` [PATCH v4] " Stephen Hemminger
2024-06-17 14:58 ` [PATCH v5] " Stephen Hemminger
2024-06-19 14:24 ` Thomas Monjalon
2024-08-01 15:31 ` [PATCH v6] " Stephen Hemminger
2024-10-16 15:48 ` Medvedkin, Vladimir
2024-10-16 17:07 ` Stephen Hemminger [this message]
2024-10-16 18:06 ` Medvedkin, Vladimir
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241016100710.131fcbf2@hermes.local \
--to=stephen@networkplumber.org \
--cc=Yipeng1.Wang@intel.com \
--cc=bruce.richardson@intel.com \
--cc=dev@dpdk.org \
--cc=sameh.gobriel@intel.com \
--cc=vladimir.medvedkin@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).