From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id E80BD45B54;
	Wed, 16 Oct 2024 19:07:15 +0200 (CEST)
Received: from mails.dpdk.org (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id BC9F2402B5;
	Wed, 16 Oct 2024 19:07:15 +0200 (CEST)
Received: from mail-pl1-f179.google.com (mail-pl1-f179.google.com
 [209.85.214.179])
 by mails.dpdk.org (Postfix) with ESMTP id 0EAD440150
 for <dev@dpdk.org>; Wed, 16 Oct 2024 19:07:14 +0200 (CEST)
Received: by mail-pl1-f179.google.com with SMTP id
 d9443c01a7336-20cb7088cbcso399915ad.0
 for <dev@dpdk.org>; Wed, 16 Oct 2024 10:07:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=networkplumber-org.20230601.gappssmtp.com; s=20230601; t=1729098433;
 x=1729703233; darn=dpdk.org; 
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:subject:cc:to:from:date:from:to:cc:subject:date
 :message-id:reply-to;
 bh=ButpfmgXQg96nOhlUMi0Jl8QMlngq56bxrWRZlZKI30=;
 b=X16J5x9wd2ocv6SfctleuCibgHCXdGApuVbjYVdtpu/qGa84PgahhdET0LMGK6Vu5E
 N06PaJXPqkV75klhqa6YPl8c4F6Y9Xo9zy0kzI1xyQ3GIT99Simr2Rb1NDEb2FWT8W/N
 +fyflF0qYRzQ6qwHG7+7iAz941NCq/oh7bYFa3Y7BWyhUwr7gnXi/iSd5EFcIAwT2K2T
 57uF/tY3rJrzGVRKxlw0OLXRDY0HpY8duGD85ozRzCad0sabjNG7eWV1OIHCxzE0kiXX
 sNGoo/6qCkBGrAkBRm2Hiqb9uHuiRE109FN5ngzu6MNAwoanS8gDOLTHFCK+O3T6/KOF
 pSaA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1729098433; x=1729703233;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:subject:cc:to:from:date:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=ButpfmgXQg96nOhlUMi0Jl8QMlngq56bxrWRZlZKI30=;
 b=NJ7zytC3OwGcCTcK5waxwEmkkhqHFbhyCUjWwDzzADtSHcod6J0v3qHX25Xb837+Jn
 ivlk/f1ZpgRUXCY16HYJ9T3Y21Q8YYbg3OXKunrjrlCx+MKLOufIlsVxDav0rNNEkub8
 NYI3F9t6zpzdKduB3bt//kHiFKSe24d27TW/XoGY18BO9fSZNSnOTZD8ZGFyXRKhF6xX
 4pzWoh3vCfwSFYoSohWTjXglo8j9hp+vEds13v8Vmjyu9t855NQwoNMP0Rb6PtFBjn06
 ICg7J4p31XP3BIEUV5q+QwVSP3xply8XTG2jws5BO+bBi9kuuiS0DKLCoLfaRDCwRIdj
 a96w==
X-Gm-Message-State: AOJu0Ywb6j84cNTrjrKtOR8upCGLZ24M4ob0RxboQVF2fIKQkr7/SeIx
 b/J1qD3H33VmazRiBjtf7fHW54Fm8GEwcdWoR3EcFFMFPHPR8Pw2Dh7N1Fh3mTA=
X-Google-Smtp-Source: AGHT+IHZd//5/ShQqS0g7JTb3DW/tFLEkRQWZiF0+Dj1xf0aAc3OBxG/0mDjwT0MKIH0scbDVEMwhA==
X-Received: by 2002:a17:903:2985:b0:20c:5263:247a with SMTP id
 d9443c01a7336-20ca16bdcb4mr281798115ad.38.1729098433078; 
 Wed, 16 Oct 2024 10:07:13 -0700 (PDT)
Received: from hermes.local (204-195-96-226.wavecable.com. [204.195.96.226])
 by smtp.gmail.com with ESMTPSA id
 41be03b00d2f7-7ea9c6d3de2sm3518315a12.47.2024.10.16.10.07.12
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 16 Oct 2024 10:07:12 -0700 (PDT)
Date: Wed, 16 Oct 2024 10:07:10 -0700
From: Stephen Hemminger <stephen@networkplumber.org>
To: "Medvedkin, Vladimir" <vladimir.medvedkin@intel.com>
Cc: "dev@dpdk.org" <dev@dpdk.org>, "Wang, Yipeng1" <Yipeng1.Wang@intel.com>,
 "Gobriel, Sameh" <sameh.gobriel@intel.com>, "Richardson, Bruce"
 <bruce.richardson@intel.com>
Subject: Re: [PATCH v6] lib/hash: add siphash
Message-ID: <20241016100710.131fcbf2@hermes.local>
In-Reply-To: <93e1fd04-5246-4ee6-bfeb-2d82091cff06@intel.com>
References: <20240227174012.343004-1-stephen@networkplumber.org>
 <20240801153130.63407-1-stephen@networkplumber.org>
 <93e1fd04-5246-4ee6-bfeb-2d82091cff06@intel.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org

On Wed, 16 Oct 2024 16:48:12 +0100
"Medvedkin, Vladimir" <vladimir.medvedkin@intel.com> wrote:

> Hi Stephen,
> 
> Thanks for introducing this hash function.
> 
> I have just a few nits:
> 
> On 01/08/2024 16:31, Stephen Hemminger wrote:
> > The existing hash functions in DPDK are not cryptographically
> > secure and can be subject to carefully crafted packets causing
> > DoS attack.  
> Currently in DPDK we have 3 hash functions, 2 of them can be used with 
> our cuckoo hash table implementation:
> 
> 1. CRC - Very weak, do not use with hash table if you don't fully 
> control all keys to install into a hash table.
> 
> 2. Toeplitz - keyed hash function, not used with hash tables, fastest if 
> you have GFNI, level of diffusion fully depends on the hash key, weak 
> against differential crypto analysis. Technically may be used with hash 
> tables in number of usecases.
> 
> 3. Jenkins hash (lookup3) - and here I can not say that it is not secure 
> and it is subject to collisions. I'm not aware on any successful attacks 
> on it, it has a great diffusion (see https://doi.org/10.1002/spe.2179). 
> It is also keyed with the same size of the key as rte_hsiphash().
> 
> So I won't agree with this sentence.

I am not a crypto or hash expert. This text is based on the statements
by the original author of siphash who does have such expertise.
See the wikipedia page:  https://en.wikipedia.org/wiki/SipHash
and the original paper: 
https://web.archive.org/web/20170327151630/https://131002.net/siphash/siphash.pdf

The problem is that Jenkins and Toeplitz
"were designed to have a close-to-uniform distribution, not to
meet any particular cryptographic goals"