From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id E80BD45B54; Wed, 16 Oct 2024 19:07:15 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id BC9F2402B5; Wed, 16 Oct 2024 19:07:15 +0200 (CEST) Received: from mail-pl1-f179.google.com (mail-pl1-f179.google.com [209.85.214.179]) by mails.dpdk.org (Postfix) with ESMTP id 0EAD440150 for ; Wed, 16 Oct 2024 19:07:14 +0200 (CEST) Received: by mail-pl1-f179.google.com with SMTP id d9443c01a7336-20cb7088cbcso399915ad.0 for ; Wed, 16 Oct 2024 10:07:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=networkplumber-org.20230601.gappssmtp.com; s=20230601; t=1729098433; x=1729703233; darn=dpdk.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date:from:to:cc:subject:date :message-id:reply-to; bh=ButpfmgXQg96nOhlUMi0Jl8QMlngq56bxrWRZlZKI30=; b=X16J5x9wd2ocv6SfctleuCibgHCXdGApuVbjYVdtpu/qGa84PgahhdET0LMGK6Vu5E N06PaJXPqkV75klhqa6YPl8c4F6Y9Xo9zy0kzI1xyQ3GIT99Simr2Rb1NDEb2FWT8W/N +fyflF0qYRzQ6qwHG7+7iAz941NCq/oh7bYFa3Y7BWyhUwr7gnXi/iSd5EFcIAwT2K2T 57uF/tY3rJrzGVRKxlw0OLXRDY0HpY8duGD85ozRzCad0sabjNG7eWV1OIHCxzE0kiXX sNGoo/6qCkBGrAkBRm2Hiqb9uHuiRE109FN5ngzu6MNAwoanS8gDOLTHFCK+O3T6/KOF pSaA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1729098433; x=1729703233; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ButpfmgXQg96nOhlUMi0Jl8QMlngq56bxrWRZlZKI30=; b=NJ7zytC3OwGcCTcK5waxwEmkkhqHFbhyCUjWwDzzADtSHcod6J0v3qHX25Xb837+Jn ivlk/f1ZpgRUXCY16HYJ9T3Y21Q8YYbg3OXKunrjrlCx+MKLOufIlsVxDav0rNNEkub8 NYI3F9t6zpzdKduB3bt//kHiFKSe24d27TW/XoGY18BO9fSZNSnOTZD8ZGFyXRKhF6xX 4pzWoh3vCfwSFYoSohWTjXglo8j9hp+vEds13v8Vmjyu9t855NQwoNMP0Rb6PtFBjn06 ICg7J4p31XP3BIEUV5q+QwVSP3xply8XTG2jws5BO+bBi9kuuiS0DKLCoLfaRDCwRIdj a96w== X-Gm-Message-State: AOJu0Ywb6j84cNTrjrKtOR8upCGLZ24M4ob0RxboQVF2fIKQkr7/SeIx b/J1qD3H33VmazRiBjtf7fHW54Fm8GEwcdWoR3EcFFMFPHPR8Pw2Dh7N1Fh3mTA= X-Google-Smtp-Source: AGHT+IHZd//5/ShQqS0g7JTb3DW/tFLEkRQWZiF0+Dj1xf0aAc3OBxG/0mDjwT0MKIH0scbDVEMwhA== X-Received: by 2002:a17:903:2985:b0:20c:5263:247a with SMTP id d9443c01a7336-20ca16bdcb4mr281798115ad.38.1729098433078; Wed, 16 Oct 2024 10:07:13 -0700 (PDT) Received: from hermes.local (204-195-96-226.wavecable.com. [204.195.96.226]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-7ea9c6d3de2sm3518315a12.47.2024.10.16.10.07.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 16 Oct 2024 10:07:12 -0700 (PDT) Date: Wed, 16 Oct 2024 10:07:10 -0700 From: Stephen Hemminger To: "Medvedkin, Vladimir" Cc: "dev@dpdk.org" , "Wang, Yipeng1" , "Gobriel, Sameh" , "Richardson, Bruce" Subject: Re: [PATCH v6] lib/hash: add siphash Message-ID: <20241016100710.131fcbf2@hermes.local> In-Reply-To: <93e1fd04-5246-4ee6-bfeb-2d82091cff06@intel.com> References: <20240227174012.343004-1-stephen@networkplumber.org> <20240801153130.63407-1-stephen@networkplumber.org> <93e1fd04-5246-4ee6-bfeb-2d82091cff06@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org On Wed, 16 Oct 2024 16:48:12 +0100 "Medvedkin, Vladimir" wrote: > Hi Stephen, > > Thanks for introducing this hash function. > > I have just a few nits: > > On 01/08/2024 16:31, Stephen Hemminger wrote: > > The existing hash functions in DPDK are not cryptographically > > secure and can be subject to carefully crafted packets causing > > DoS attack. > Currently in DPDK we have 3 hash functions, 2 of them can be used with > our cuckoo hash table implementation: > > 1. CRC - Very weak, do not use with hash table if you don't fully > control all keys to install into a hash table. > > 2. Toeplitz - keyed hash function, not used with hash tables, fastest if > you have GFNI, level of diffusion fully depends on the hash key, weak > against differential crypto analysis. Technically may be used with hash > tables in number of usecases. > > 3. Jenkins hash (lookup3) - and here I can not say that it is not secure > and it is subject to collisions. I'm not aware on any successful attacks > on it, it has a great diffusion (see https://doi.org/10.1002/spe.2179). > It is also keyed with the same size of the key as rte_hsiphash(). > > So I won't agree with this sentence. I am not a crypto or hash expert. This text is based on the statements by the original author of siphash who does have such expertise. See the wikipedia page: https://en.wikipedia.org/wiki/SipHash and the original paper: https://web.archive.org/web/20170327151630/https://131002.net/siphash/siphash.pdf The problem is that Jenkins and Toeplitz "were designed to have a close-to-uniform distribution, not to meet any particular cryptographic goals"