From: "Medvedkin, Vladimir" <vladimir.medvedkin@intel.com>
To: Stephen Hemminger <stephen@networkplumber.org>
Cc: "dev@dpdk.org" <dev@dpdk.org>,
"Wang, Yipeng1" <Yipeng1.Wang@intel.com>,
"Gobriel, Sameh" <sameh.gobriel@intel.com>,
"Richardson, Bruce" <bruce.richardson@intel.com>
Subject: Re: [PATCH v6] lib/hash: add siphash
Date: Wed, 16 Oct 2024 19:06:20 +0100 [thread overview]
Message-ID: <5cc298e4-834e-4003-819b-63e6667866b4@intel.com> (raw)
In-Reply-To: <20241016100710.131fcbf2@hermes.local>
[-- Attachment #1: Type: text/plain, Size: 2843 bytes --]
On 16/10/2024 18:07, Stephen Hemminger wrote:
> On Wed, 16 Oct 2024 16:48:12 +0100
> "Medvedkin, Vladimir"<vladimir.medvedkin@intel.com> wrote:
>
>> Hi Stephen,
>>
>> Thanks for introducing this hash function.
>>
>> I have just a few nits:
>>
>> On 01/08/2024 16:31, Stephen Hemminger wrote:
>>> The existing hash functions in DPDK are not cryptographically
>>> secure and can be subject to carefully crafted packets causing
>>> DoS attack.
>> Currently in DPDK we have 3 hash functions, 2 of them can be used with
>> our cuckoo hash table implementation:
>>
>> 1. CRC - Very weak, do not use with hash table if you don't fully
>> control all keys to install into a hash table.
>>
>> 2. Toeplitz - keyed hash function, not used with hash tables, fastest if
>> you have GFNI, level of diffusion fully depends on the hash key, weak
>> against differential crypto analysis. Technically may be used with hash
>> tables in number of usecases.
>>
>> 3. Jenkins hash (lookup3) - and here I can not say that it is not secure
>> and it is subject to collisions. I'm not aware on any successful attacks
>> on it, it has a great diffusion (seehttps://doi.org/10.1002/spe.2179).
>> It is also keyed with the same size of the key as rte_hsiphash().
>>
>> So I won't agree with this sentence.
> I am not a crypto or hash expert. This text is based on the statements
> by the original author of siphash who does have such expertise.
> See the wikipedia page:https://en.wikipedia.org/wiki/SipHash
> and the original paper:
> https://web.archive.org/web/20170327151630/https://131002.net/siphash/siphash.pdf
>
> The problem is that Jenkins and Toeplitz
> "were designed to have a close-to-uniform distribution, not to
> meet any particular cryptographic goals"
The original paper link isn't working, for review I used this:
https://www.aumasson.jp/siphash/siphash.pdf
Let me quote a bit more form this WP:
"Recent hash-table proposals such as Google’s CityHash [18] and Jenkins’
SpookyHash [21] provide very fast hashing of short strings, but these
functions were designed to have a close-to-uniform distribution, not to
meet any particular cryptographic goals. For example, collisions were
found in an initial version of CityHash128 [22], and the current version
is vulnerable to a practical key-recovery attack when 64-bit keys are used."
I haven't found anything about the lookup3 hash function, which is
different from the SpookyHash hash function implemented by Bob Jenkins.
IunderstandthatSipHashhasgoodcryptographicqualityandcanbeusedforMAC,buthereweare
talkingaboutNCHFthatare usedforhashtables,andinthiscasea
gooduniformdistributionof hashvaluesis veryimportant. Siphash has this
property, as does lookup3.
P.S. Regarding above mentioned collisions in CityHash128 - it seem the
problem was solved in 2015
--
Regards,
Vladimir
[-- Attachment #2: Type: text/html, Size: 9635 bytes --]
prev parent reply other threads:[~2024-10-16 18:06 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-27 17:39 [PATCH] lib/hash: add SipHash function Stephen Hemminger
2024-02-27 19:14 ` [PATCH v2] lib/hash: add siphash Stephen Hemminger
2024-02-27 21:57 ` Mattias Rönnblom
2024-02-27 22:34 ` Stephen Hemminger
2024-02-29 0:32 ` [PATCH v3] " Stephen Hemminger
2024-05-29 15:47 ` [PATCH v4] " Stephen Hemminger
2024-06-17 14:58 ` [PATCH v5] " Stephen Hemminger
2024-06-19 14:24 ` Thomas Monjalon
2024-08-01 15:31 ` [PATCH v6] " Stephen Hemminger
2024-10-16 15:48 ` Medvedkin, Vladimir
2024-10-16 17:07 ` Stephen Hemminger
2024-10-16 18:06 ` Medvedkin, Vladimir [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5cc298e4-834e-4003-819b-63e6667866b4@intel.com \
--to=vladimir.medvedkin@intel.com \
--cc=Yipeng1.Wang@intel.com \
--cc=bruce.richardson@intel.com \
--cc=dev@dpdk.org \
--cc=sameh.gobriel@intel.com \
--cc=stephen@networkplumber.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).