From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail3-relais-sop.national.inria.fr (mail3-relais-sop.national.inria.fr [192.134.164.104]) by sympa.inria.fr (Postfix) with ESMTPS id 4443E7EE25 for ; Wed, 20 Nov 2013 19:56:18 +0100 (CET) Received-SPF: None (mail3-smtp-sop.national.inria.fr: no sender authenticity information available from domain of fw@deneb.enyo.de) identity=pra; client-ip=87.106.162.201; receiver=mail3-smtp-sop.national.inria.fr; envelope-from="fw@deneb.enyo.de"; x-sender="fw@deneb.enyo.de"; x-conformance=sidf_compatible Received-SPF: None (mail3-smtp-sop.national.inria.fr: no sender authenticity information available from domain of fw@deneb.enyo.de) identity=mailfrom; client-ip=87.106.162.201; receiver=mail3-smtp-sop.national.inria.fr; envelope-from="fw@deneb.enyo.de"; x-sender="fw@deneb.enyo.de"; x-conformance=sidf_compatible Received-SPF: None (mail3-smtp-sop.national.inria.fr: no sender authenticity information available from domain of postmaster@ka.mail.enyo.de) identity=helo; client-ip=87.106.162.201; receiver=mail3-smtp-sop.national.inria.fr; envelope-from="fw@deneb.enyo.de"; x-sender="postmaster@ka.mail.enyo.de"; x-conformance=sidf_compatible X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: Ag4FABgFjVJXaqLJ/2dsb2JhbABZgwe+eoEaFnSCJgEFeRALISUPAUcGiBgBwQ8XjyQzB4QyA55Ri06DKTs X-IPAS-Result: Ag4FABgFjVJXaqLJ/2dsb2JhbABZgwe+eoEaFnSCJgEFeRALISUPAUcGiBgBwQ8XjyQzB4QyA55Ri06DKTs X-IronPort-AV: E=Sophos;i="4.93,738,1378850400"; d="scan'208";a="36817548" Received: from ka.mail.enyo.de ([87.106.162.201]) by mail3-smtp-sop.national.inria.fr with ESMTP/TLS/AES256-SHA; 20 Nov 2013 19:56:17 +0100 Received: from [172.17.135.4] (helo=deneb.enyo.de) by ka.mail.enyo.de with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) id 1VjCwb-0003UB-4D; Wed, 20 Nov 2013 19:56:09 +0100 Received: from fw by deneb.enyo.de with local (Exim 4.80) (envelope-from ) id 1VjCwb-0004Lf-07; Wed, 20 Nov 2013 19:56:09 +0100 From: Florian Weimer To: Dario Teixeira Cc: Gabriel Scherer , David MENTRE , Gerd Stolpmann , "Richard W.M. Jones" , caml users References: <20131118204426.GA14731@annexia.org> <1384819720.4083.57.camel@zotac> <1384859953.62343.YahooMailNeo@web120403.mail.ne1.yahoo.com> Date: Wed, 20 Nov 2013 19:56:08 +0100 In-Reply-To: <1384859953.62343.YahooMailNeo@web120403.mail.ne1.yahoo.com> (Dario Teixeira's message of "Tue, 19 Nov 2013 03:19:13 -0800 (PST)") Message-ID: <878uwinbqv.fsf@mid.deneb.enyo.de> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Subject: Re: [Caml-list] Hardening [Perl's] hash function further * Dario Teixeira: > =A0- Any hashtable implementation that uses a non-cryptographic hash func= tion > =A0=A0 and relies on an association list of buckets is vulnerable to atta= cks > =A0=A0 that force the worst-case O(n) behaviour.=A0 Though you can buy so= me time > =A0=A0 by tweaking the hash function, you are still stuck in an arms race= with > =A0=A0 attackers. You just need a keyed hash with a secret key, not a general-purpose cryptographic hash function. So far, Jenkins' lookup3 function still stands.