From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id D067645B55; Wed, 16 Oct 2024 20:06:46 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 6AA3D4021F; Wed, 16 Oct 2024 20:06:46 +0200 (CEST) Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.16]) by mails.dpdk.org (Postfix) with ESMTP id 6B4ED40144 for ; Wed, 16 Oct 2024 20:06:44 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1729102005; x=1760638005; h=message-id:date:subject:to:cc:references:from: in-reply-to:mime-version; bh=HVVbTrQwWoyHfix8p475HhMdjqqWTEvMai1zT1psZLg=; b=e++vVAQ+CFzuGD9R+b8Jt8og9MTY9qut2OUX4mujoiEcwLMmJlPlQGqO KmVVV5gChPnPh+miC6inUg7ZWndL2TqUbj2g6loaHiANcsOpJA2pHh5/8 difjOxpmiMX2ulIX4dhpEQQ8WAro7qJvAnHkzpgzQxP2cJ85dYTFSa4s+ dWb7jE6vxDvFJo4sboT8EsrGRMXeqzhKPCS83/1NHrNaeMHd/zk73zMWN kmBX7jfNh/AHPXKANjS/8KgsCjmjWwxC8AAA2PjnRC4VN6yr916vJhpAg tc9UqC7vgU4nkzpUDktMtdBPYY9EpGS6/+5+B5iBn/bhbiIcoQu3xteq/ w==; X-CSE-ConnectionGUID: KQnBdSTOS5CzW6nPV23keg== X-CSE-MsgGUID: wmExzmJLR/u4RzxWH95HFA== X-IronPort-AV: E=McAfee;i="6700,10204,11222"; a="28661501" X-IronPort-AV: E=Sophos;i="6.11,199,1725346800"; d="scan'208,217";a="28661501" Received: from fmviesa001.fm.intel.com ([10.60.135.141]) by orvoesa108.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 16 Oct 2024 11:06:42 -0700 X-CSE-ConnectionGUID: u8rWbXA4T9KITrHDbHAn2w== X-CSE-MsgGUID: L4v19/qJSiS0VYDSeejjMQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.11,208,1725346800"; d="scan'208,217";a="109067562" Received: from orsmsx602.amr.corp.intel.com ([10.22.229.15]) by fmviesa001.fm.intel.com with ESMTP/TLS/AES256-GCM-SHA384; 16 Oct 2024 11:06:38 -0700 Received: from orsmsx611.amr.corp.intel.com (10.22.229.24) by ORSMSX602.amr.corp.intel.com (10.22.229.15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Wed, 16 Oct 2024 11:06:35 -0700 Received: from orsmsx610.amr.corp.intel.com (10.22.229.23) by ORSMSX611.amr.corp.intel.com (10.22.229.24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Wed, 16 Oct 2024 11:06:35 -0700 Received: from ORSEDG602.ED.cps.intel.com (10.7.248.7) by orsmsx610.amr.corp.intel.com (10.22.229.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39 via Frontend Transport; Wed, 16 Oct 2024 11:06:35 -0700 Received: from NAM04-BN8-obe.outbound.protection.outlook.com (104.47.74.46) by edgegateway.intel.com (134.134.137.103) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.39; Wed, 16 Oct 2024 11:06:35 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=g2icRDp5S8MLdtFCs4HYvb/NiKieYw8XKSDsIPatdspOznIgwy0g84t3PF2eqcfN1uckuOV6pydlpkhV1I9awF8Sj6GFW69AeVce3ZKiu8mczIGt0IK0NaBgjDUfWXbwuCi4g3KvMmyMKpTmTBuXdabsK1Ne8rEa2NDrN3tMdGCXTULfRGOVHNELk8hfMKcxHwCI1ha8iJcW6FXXwzqfG+CcFML0BUY+5/ZXmK6HoTXnYgD0dkopT5Nn8hdbJJz2PIJpLVjUpCWFA3Ih37L54+0Mq8QaL2TcfIIemTnB/NwDGuhgFNKyMU1QT+RcvWb05NTYZPyRU10OXBDGBL8kGA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Zvov48ajfSpt2h6OVmBRDT/mcuFT53UNWlFVPMUzrC4=; b=j4UWLuzRpOqfO/YU7LdsvMpnKkYKXcE8pjqGDRsQiut+1U/X8GkxRDciIRs3U5SnGosFu3YyQhK98ksLU+euF0++3D/voPpWvfg4QvXuZQc8a+4VfdXxdTMu2pl/SYIK6GeX6ttCtxJ/h8fo+PiQuw+aoFj6M/BBI8ip5iJJbgfEQcoE7j0feBX8C53o/OWFPGljedPgII279pYPL81XNgld/g529GOmOk3tHand8dh7EYcU1T+vVgg8CMDKGY+cI9WIBA3RNEGhZ88C5FcVktk8gTC1XMmD/2GJ1Qxnkvv0jV00xUvqA9ILB1hew5MB9wA++VDLRJCQT5YZO/+EKA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; Received: from PH7PR11MB5765.namprd11.prod.outlook.com (2603:10b6:510:139::7) by PH0PR11MB7521.namprd11.prod.outlook.com (2603:10b6:510:283::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8069.18; Wed, 16 Oct 2024 18:06:26 +0000 Received: from PH7PR11MB5765.namprd11.prod.outlook.com ([fe80::fcf5:d65c:4fdd:4a2a]) by PH7PR11MB5765.namprd11.prod.outlook.com ([fe80::fcf5:d65c:4fdd:4a2a%3]) with mapi id 15.20.8048.020; Wed, 16 Oct 2024 18:06:25 +0000 Content-Type: multipart/alternative; boundary="------------S0o0Wqd1RfMcDYp0oAqiEi9s" Message-ID: <5cc298e4-834e-4003-819b-63e6667866b4@intel.com> Date: Wed, 16 Oct 2024 19:06:20 +0100 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH v6] lib/hash: add siphash To: Stephen Hemminger CC: "dev@dpdk.org" , "Wang, Yipeng1" , "Gobriel, Sameh" , "Richardson, Bruce" References: <20240227174012.343004-1-stephen@networkplumber.org> <20240801153130.63407-1-stephen@networkplumber.org> <93e1fd04-5246-4ee6-bfeb-2d82091cff06@intel.com> <20241016100710.131fcbf2@hermes.local> Content-Language: en-US From: "Medvedkin, Vladimir" In-Reply-To: <20241016100710.131fcbf2@hermes.local> X-ClientProxiedBy: WA2P291CA0022.POLP291.PROD.OUTLOOK.COM (2603:10a6:1d0:1e::24) To PH7PR11MB5765.namprd11.prod.outlook.com (2603:10b6:510:139::7) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: PH7PR11MB5765:EE_|PH0PR11MB7521:EE_ X-MS-Office365-Filtering-Correlation-Id: 79c80c9e-9536-4937-c8ac-08dcee0d3ffa X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|366016|1800799024|8096899003; X-Microsoft-Antispam-Message-Info: =?utf-8?B?OUlINC9vM28zcGI1UUw3eHlKejlNMURLdUNEQVkzcHdhZFRMMDVSMEsyQ2Vl?= =?utf-8?B?NmJPTlJaemNSbUErM1ZDZmlmTnA3alFYc2JCNWZpUjVlbHJ3RkcxVzZpbW1p?= =?utf-8?B?OVM2YmlocFBURWJpK1N1K0VWWmx6dEp0UWM5R3I5UXd3ZVI5dGFiVVlWbE1n?= =?utf-8?B?UTJSQmJLNzNMM09wUlJ6MkNjOUVMVUN3TTI0R2hPMXpYSXk5TmdDUE5UUExq?= =?utf-8?B?SzB0d0Qwd3cyTEpja0FSc2x3QXdPZERSNWxIbE9paG9yb2hXNHRSUzNDOWdj?= =?utf-8?B?Nk9xdzZJbVlTSUtFQVBpbG1VdmVXakZPelFpYlVlSmxmaVFwV0orUFE1NklO?= =?utf-8?B?ckczZEhpNWM1MXFRMWhSV3pkeW9tcy9ZUElJWnQzZklBdFFra1JoaWFlL0RT?= =?utf-8?B?RUprL2pWNnhhbkxxU0NYdk9EYVVTcWZRZ0ZueHlGdWFDQ2lUR3ZxMmdzVmxH?= =?utf-8?B?V05TcnVVaDhwQlNLcjZZekIxNkx6Q3E1cUs5SUY5TXpMWG5kOGN5SEJVYjkr?= =?utf-8?B?aVBJcHREYVhmS1ppTHAyTFRMZkZJUW12WGR1emg4UFEyeDZsd045Uk9Qei9P?= =?utf-8?B?TXVrVG1oNENjSjlSckw5N1RaQ0o1cHV1c0hoNFdqbTB3ZUxRMm5tNWpHa2NH?= =?utf-8?B?cGJGQ3NXTzU0aCtXNXk3azdFd2lHRFQrQ0N6VVg4S1doMmJsb0d5QXU0Snhy?= =?utf-8?B?alFQdndOa09uT3BEcGd1UWxiUFF3cGFoOVdCeDNiTWx3Q3VPTHFSbDlSWXJt?= =?utf-8?B?enFrMjVVVWJ3UVFiREwwWk5YaU0xbVFJak9IM2RFNDJQcmxjZ1lKM0VacWZL?= =?utf-8?B?aFBmTTFmVmhOOTFhSG9TLzVBWkMrOEZYV253eGNabFZLU1hLVUh0RmdFMmhm?= =?utf-8?B?eFo2YTkwYlJrNERycnZxUkExQnluV0hXYUhnaHViNFZxYk5tdkljNjQ3LzRs?= =?utf-8?B?NWRzZjZGMTVQNzZBMlI1emp1d2xOcUh6ZTFMZDhLZFVJSDhUNndwRlM1QmlZ?= =?utf-8?B?R1dBUjVrV0JCV09yTjAyMG9ZRkRRYUxHMnJIWCtNZzRmVThHOGFybWI4RUk5?= =?utf-8?B?VlU4ZWwzcjVpeURzOUVERlZZbE5zYWVYUkNNYXRsRjFyeXlDRE91MHBsS3ZZ?= =?utf-8?B?OGsvbmhaNytLc0J5VzZsOFZiSG14bmUzaEJ1aFg4RVNGWlZ5V1NTNENOdytp?= =?utf-8?B?SWRrSUNaL0p4NGdYenI2bjFwUlppVEVHdGxxQ0JuRU1TQ2oxeDRTbHBTc2dM?= =?utf-8?B?QVBOYy9ON0tNMnRuM2d3RXJlVTZQc0xTYW5xVmpHVVl1dTliNFZ0d3Q1Zzht?= =?utf-8?B?dkNDeUFSdFhnaEl4S1ZsR0E1am9LdlpOakdRSlk5dmJkNGNBaEZ2aGt4dWpO?= =?utf-8?B?cnlla1d0TjUydFVmQ3RUc0ZlNUw0L29YNWFNeWJ0SjYxdXJobkdXWnMwRDhs?= =?utf-8?B?dzIreENzdGtsM3VpZkJtWnozckYxeU5nekV1WVErbU54d1VrZ1dsVDVzY2lW?= =?utf-8?B?bTREMkVrN1UxOXU4Q0RMWU1zQ05qRnNvT2ZXSTZ4K2tqZlRidFozd3BSeHBC?= =?utf-8?B?VkZ6SXlsa0FFOEkxMnNqREpWTU80MUVPVDVIRnJVc3BFMitBUnI1bGxaLysz?= =?utf-8?Q?dexAdik5KonzL5J0IlQNEVgn+vs/lTJ5y0rUnocB9bFo=3D?= X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PH7PR11MB5765.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230040)(376014)(366016)(1800799024)(8096899003); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?djJPdWtERXE0c3ZpUHhLdHlqSGxpdlU3OVp5cXYzd2N3bFRWY0U3QjhlMTlC?= =?utf-8?B?WWtuODd4TmtEWEI5Yi9qRnp4QXlpU2o5RWFIN2ZSLytpY2JLWkJFV1Z6SEpi?= =?utf-8?B?TTMzVm5KWmVXRWp0YXdMSHU3U3lrVUZMUElVTHpHUTRDUWtZM0kxaHZwTkFF?= =?utf-8?B?L24wMXN3QzB6M2grVHlWdVdWTURKVVVMZms2TDIvNE1GeXFtY1gyZEh1bUE5?= =?utf-8?B?MkxWMDZ6dmZmMFpxU1RwVFVkS1dCcS9vdnNtdnppazRZMnl1cVJUY3k4VDhP?= =?utf-8?B?UG0wWHZxeXN0VzJIc3J2azhJTVZHMUs5V3ZHeXRqMHJrVXljc2VBM05ETm5H?= =?utf-8?B?U0Y3WURvU0g3b0xOcGtBSGx3ZU9DaXh5dTBOb0pKRTFlNThZRWdySEIxWE1S?= =?utf-8?B?NEtRZmFLZEx2RnlscGR0YlVibDVzalczS3JoZDIzOXZSb1RMWmhySlVlZXUv?= =?utf-8?B?OC94cVg1TGJEZEpKM1E2ZFdHWG1yRlR2UFRJN05MR1NWVXBSWWpzSjRjMGhj?= =?utf-8?B?SmF0VWxMSEJ0QnorUGovcXhNMGFnU1k3Q2s2Q202MFVXTTA5MXRjU01uT2d4?= =?utf-8?B?YlMrSkpPK2tUUkRhMm11cGlxa2ttVnV2UkxpMHVLTmRubDRkcWpRb3A2S3Yr?= =?utf-8?B?Z3RyN1pLRFFXMjRSM0RqVnZSQmprbkVnYnh3aC9jOERKNkgweTk1U2N1UWFF?= =?utf-8?B?b1QzZFNwYVl3ZGJTLzZEbUJoVVV0QklEQlJSR05ZM0JNSE0vclNQOTVSMmZu?= =?utf-8?B?THJXL21ybklUcGY1MVJBQldjeUtyaEd5SmVIWS8wdW9sejl6Q21TNnY0YzR3?= =?utf-8?B?ZUJWQWlJeW9LYzFaZWs3aU5IeGs3UENCU0I5VnVWNElrTE5WKzNaUnh4THV5?= =?utf-8?B?TzhwQW9jcHptNm1hMUdGV1JrQk8yQzZSS2Roa0RndWQ5L3NIczFYYnloOElX?= =?utf-8?B?Y0o2elpzLzJjYTl6em9TdmplY2dOR0w5RHR2ZjJOTFNGRDNrOERXRUhFbFhi?= =?utf-8?B?NW1RaldZRU9uRmVkMHZLMDZzMXNEV0tpN0RiNGdFUWptSnQ2cXBiYVF6a1ow?= =?utf-8?B?TXBMTFZiTWVtTVJtN0E2TFdGR3NmVVZtc1JpYjhvYUVaTnc0aXRIY1pRV1Bx?= =?utf-8?B?d296TzlEWDdDVGg2RlRXVjlDb09QNGQwdDU1SCtzZWVpMTJ6RDU0SWptdWkr?= =?utf-8?B?ZDNmYytBb0pERm5LWEdHbkpZOWp0NXBtNHBubkI3SGxheFVQeFA2RlVYOVBF?= =?utf-8?B?U05mN2RYdjcwZE5nOURwdnRsUDRKUUgrQ20zOVdJendnYk9OcXpsYVp1dDFV?= =?utf-8?B?T3BOOXpSYzJHZjJjL2diMCtPeUthaXVTa09sditKbDRXYlFnZ0xmaFVoYWRN?= =?utf-8?B?WFMyUHFuVkxKQkJYUjJReGlleDlXRWVHajh3VnFWcmZCQjdNSDVNTStnK0Uw?= =?utf-8?B?T3Ntb0MyM0tjVEFQZGI2bVdUWWd4UnUxY3RVaXBFK1gvT3hTUS9HTGZLWXhm?= =?utf-8?B?cEJrYXlxRFlXWHp4a0ZnUzk3ekpWcURsZjdEMnZKN0xxSEIwakZvTFhKUzdG?= =?utf-8?B?Mk9uTTEyaHg0MjJJNzBQUVNWd0xrbWVjcTlTYUlNcFdCZHI2K0JrcUp2akpt?= =?utf-8?B?ZmxFUFg1OFdsdi9VODcyazBkYzdNaWt1TkpkMXNnK0pCNEJKamk1SHRVdkRX?= =?utf-8?B?VEVaZms3NXRHRENqUGRsa2o3ZHo2NjYxTjkwZ2N5MUc3Y1dmMkxNZmtXS0hJ?= =?utf-8?B?R0piVDZ5WHBYQTQ0cU96QUkzM3RUSVd4R3JBWlA1Z01yRmsyR3lBcTJaY0I0?= =?utf-8?B?Z3pYZmZUdjJaVkVzd3NqTU5wZ013S0xxQUNOWUhnbVYwWUtjR2l0THNXQTU5?= =?utf-8?B?dUcxcEh3NVlaYWMxV1UvT3I5eThYQnJWSWhwOTZnWTVaNGFBMnRvd1E4L2Nu?= =?utf-8?B?VndkbTJYUGhXRW9qOFQyQW1VQ2ozRm1lTFpkRHJEeWRWVys0S0dma2d4M1or?= =?utf-8?B?QTNNVGpicGxvRHB2SDNpUXZVWVc4UGdncXlUOHdTOVlSMGswS2VhTkh4Mkpx?= =?utf-8?B?NGZTYlhmeDRUTi9tbHRoT3NMdGNNQXF2TXB0cXFNTUVXQTl6azJuTVAxZUx4?= =?utf-8?B?L1hNZE9EeDh6TTduaFVqMDdIUW1tQmJ5a3FSMXZjbFArUTlFbGVPU1dZZTh2?= =?utf-8?B?bFE9PQ==?= X-MS-Exchange-CrossTenant-Network-Message-Id: 79c80c9e-9536-4937-c8ac-08dcee0d3ffa X-MS-Exchange-CrossTenant-AuthSource: PH7PR11MB5765.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 Oct 2024 18:06:25.8755 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: d5A3jv2Q/TYX7+eWDd2PRN5Cx7w1+T+QZAauORMB9OzUPM8c4z+vluD1yrqgK3U+CUAxt0bXCQluXqusfEtFDw2rlWCgsTUKZ+AcWuPWhFk= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR11MB7521 X-OriginatorOrg: intel.com X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org --------------S0o0Wqd1RfMcDYp0oAqiEi9s Content-Type: text/plain; charset="UTF-8"; format=flowed Content-Transfer-Encoding: 8bit On 16/10/2024 18:07, Stephen Hemminger wrote: > On Wed, 16 Oct 2024 16:48:12 +0100 > "Medvedkin, Vladimir" wrote: > >> Hi Stephen, >> >> Thanks for introducing this hash function. >> >> I have just a few nits: >> >> On 01/08/2024 16:31, Stephen Hemminger wrote: >>> The existing hash functions in DPDK are not cryptographically >>> secure and can be subject to carefully crafted packets causing >>> DoS attack. >> Currently in DPDK we have 3 hash functions, 2 of them can be used with >> our cuckoo hash table implementation: >> >> 1. CRC - Very weak, do not use with hash table if you don't fully >> control all keys to install into a hash table. >> >> 2. Toeplitz - keyed hash function, not used with hash tables, fastest if >> you have GFNI, level of diffusion fully depends on the hash key, weak >> against differential crypto analysis. Technically may be used with hash >> tables in number of usecases. >> >> 3. Jenkins hash (lookup3) - and here I can not say that it is not secure >> and it is subject to collisions. I'm not aware on any successful attacks >> on it, it has a great diffusion (seehttps://doi.org/10.1002/spe.2179). >> It is also keyed with the same size of the key as rte_hsiphash(). >> >> So I won't agree with this sentence. > I am not a crypto or hash expert. This text is based on the statements > by the original author of siphash who does have such expertise. > See the wikipedia page:https://en.wikipedia.org/wiki/SipHash > and the original paper: > https://web.archive.org/web/20170327151630/https://131002.net/siphash/siphash.pdf > > The problem is that Jenkins and Toeplitz > "were designed to have a close-to-uniform distribution, not to > meet any particular cryptographic goals" The original paper link isn't working, for review I used this: https://www.aumasson.jp/siphash/siphash.pdf Let me quote a bit more form this WP: "Recent hash-table proposals such as Google’s CityHash [18] and Jenkins’ SpookyHash [21] provide very fast hashing of short strings, but these functions were designed to have a close-to-uniform distribution, not to meet any particular cryptographic goals. For example, collisions were found in an initial version of CityHash128 [22], and the current version is vulnerable to a practical key-recovery attack when 64-bit keys are used." I haven't found anything about the lookup3 hash function, which is different from the SpookyHash hash function implemented by Bob Jenkins. IunderstandthatSipHashhasgoodcryptographicqualityandcanbeusedforMAC,buthereweare talkingaboutNCHFthatare usedforhashtables,andinthiscasea gooduniformdistributionof hashvaluesis veryimportant. Siphash has this property, as does lookup3. P.S. Regarding above mentioned collisions in CityHash128 - it seem the problem was solved in 2015 -- Regards, Vladimir --------------S0o0Wqd1RfMcDYp0oAqiEi9s Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


On 16/10/2024 18:07, Stephen Hemminger wrote:
On Wed, 16 Oct 2024 16:48:12 +=
0100
"Medvedkin, Vladimir" <vladimir.medvedkin@intel.com> wrote:


Hi Stephen,

Thanks for introducing this hash function.

I have just a few nits:

On 01/08/2024 16:31, Stephen Hemminger wrote:

The existing hash function=
s in DPDK are not cryptographically
secure and can be subject to carefully crafted packets causing
DoS attack. =20

Currently in DPDK we have 3 =
hash functions, 2 of them can be used with=20
our cuckoo hash table implementation:

1. CRC - Very weak, do not use with hash table if you don't fully=20
control all keys to install into a hash table.

2. Toeplitz - keyed hash function, not used with hash tables, fastest if=20
you have GFNI, level of diffusion fully depends on the hash key, weak=20
against differential crypto analysis. Technically may be used with hash=20
tables in number of usecases.

3. Jenkins hash (lookup3) - and here I can not say that it is not secure=20
and it is subject to collisions. I'm not aware on any successful attacks=20
on it, it has a great diffusion (see https://doi.org/10.1002/spe.2179=
).=20
It is also keyed with the same size of the key as rte_hsiphash().

So I won't agree with this sentence.

I am not a crypto or hash expert. This text is based on the statements
by the original author of siphash who does have such expertise.
See the wikipedia page:  https://en.wikipedia.org/wiki/SipHash
and the original paper:=20
https://web.archive.org/=
web/20170327151630/https://131002.net/siphash/siphash.pdf

The problem is that Jenkins and Toeplitz
"were designed to have a close-to-uniform distribution, not to
meet any particular cryptographic goals"

The original paper link isn't working, for review I used this:

https://www.aumasson.jp/siphash/siphash.pdf

Let me quote a bit more form this WP:

"Recent hash-table proposals such as Google=E2=80=99s CityHash = [18] and Jenkins=E2=80=99 SpookyHash [21] provide very fast hashing of sho= rt strings, but these functions were designed to have a close-to-uniform distribution, not to meet any particular cryptographic goals. For example, collisions were found in an initial version of CityHash128 [22], and the current version is vulnerable to a practical key-recovery attack when 64-bit keys are used."

I haven't found anything about the lookup3 hash function, which is different from the SpookyHash hash function implemented by Bob Jenkins.

I understand that SipHash has good cryptographic quality and can be used for MAC, but here we are <= /span>talking about NCHF that are used for hash tables, and <= span class=3D"EzKURWReUAB5oZgtQNkl" data-src-align=3D"169:1" style=3D"white= -space: pre-wrap;">in = this case a= good uniform distribution of hash values is very= importan= t. Siphash has this property, as does lookup3.

P.S. Regarding above mentioned collisions in CityHash128 - it seem the problem was solved in 2015


    

    
--=20
Regards,
Vladimir

  


--------------S0o0Wqd1RfMcDYp0oAqiEi9s--