[openssl-dev] [EXTERNAL] Re: use SIPhash for OPENSSL_LH_strhash?

Sands, Daniel dnsands at sandia.gov
Thu Jan 12 00:39:32 UTC 2017 

With a small number of buckets, it seems to me that no hash algo will
make you safe from a flooding attack.  You can simply generate your
hashes locally using whichever algo the server uses, and only send those
that fit into your attack scheme.  The data could even be pre-generated.

The only way to guard against a flood that makes sense to me is to limit
the number of items that can be accepted before deciding you're being
trolled.

On Wed, 2017-01-11 at 23:29 +0000, J. J. Farrell wrote:
> Are the issues you raise true of SipHash, given that a prime motivator
> for its design was generating hash tables for short inputs while being
> secure against hash flooding attacks? It achieves this with the
> performance of a portable C implementation the order of four times
> faster than MD5, and not much slower than other modern hash
> algorithms.
> 
> I'd have thought the main thing to consider is whether or not there is
> any practical way a hash flooding attack could be used against
> OpenSSL's hash tables, and it sounds like there isn't. In that case,
> the fastest algorithm for the usage patterns would be best.
> 
> Regards,
>                           jjf
> 
> On 11/01/2017 22:25, Peter Waltenberg wrote:
> 
> > And the reason I said you certainly don't need a keyed hash ?
> > 
> > Behaviour of the hash function will change with key and in some
> > cases performance would degenerate to that of a linked list. (Ouch).
> > And since the obvious thing to do is use a random key, OpenSSL's
> > performance would get *very* erratic.
> > 
> > Simpler functions than cryptographic hashes will almost certainly
> > yield better results here. I note someone further up the thread
> > someone else has pointed that out. 
> > 
> > Peter
> > 
> > From:        "Salz, Rich" <rsalz at akamai.com>
> > To:        "openssl-dev at openssl.org" <openssl-dev at openssl.org>
> > Date:        11/01/2017 13:14
> > Subject:        Re: [openssl-dev] use SIPhash for
> > OPENSSL_LH_strhash?
> > Sent by:        "openssl-dev" <openssl-dev-bounces at openssl.org>
> > 
> > ____________________________________________________________________
> > 
> > The needs for OpenSSL's LHASH are exactly what SipHash was designed
> > for: fast on short strings.
> > OpenSSL's hash currently *does not* call MD5 or SHA1; the MD5 code
> > is commented out.
> > Yes, performance tests would greatly inform the decision.
> 
> -- 
> J. J. Farrell
> Not speaking for Oracle
> -- 
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

More information about the openssl-dev mailing list