From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gabriel.scherer@gmail.com>
Received: from mail2-relais-roc.national.inria.fr (mail2-relais-roc.national.inria.fr [192.134.164.83])
	by sympa.inria.fr (Postfix) with ESMTPS id 163007EE25
	for <caml-list@sympa.inria.fr>; Tue, 19 Nov 2013 10:14:43 +0100 (CET)
Received-SPF: None (mail2-smtp-roc.national.inria.fr: no sender
  authenticity information available from domain of
  gabriel.scherer@gmail.com) identity=pra;
  client-ip=209.85.214.51;
  receiver=mail2-smtp-roc.national.inria.fr;
  envelope-from="gabriel.scherer@gmail.com";
  x-sender="gabriel.scherer@gmail.com";
  x-conformance=sidf_compatible
Received-SPF: Pass (mail2-smtp-roc.national.inria.fr: domain of
  gabriel.scherer@gmail.com designates 209.85.214.51 as
  permitted sender) identity=mailfrom; client-ip=209.85.214.51;
  receiver=mail2-smtp-roc.national.inria.fr;
  envelope-from="gabriel.scherer@gmail.com";
  x-sender="gabriel.scherer@gmail.com";
  x-conformance=sidf_compatible; x-record-type="v=spf1"
Received-SPF: None (mail2-smtp-roc.national.inria.fr: no sender
  authenticity information available from domain of
  postmaster@mail-bk0-f51.google.com) identity=helo;
  client-ip=209.85.214.51;
  receiver=mail2-smtp-roc.national.inria.fr;
  envelope-from="gabriel.scherer@gmail.com";
  x-sender="postmaster@mail-bk0-f51.google.com";
  x-conformance=sidf_compatible
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AiUDAC4ri1LRVdYzlWdsb2JhbABZgz9TrGCSXIEUCBYOAQEBAQcNCQkSKoIlAQEFQAEbCQkLAQMMBgULDQ0hIgERAQUBChIGExKHXAEDDw2jZoxXgwmEPQoZJwMKZIhmAQUMj0sHhDEDliiBaIEvjnIYKYRUOw
X-IPAS-Result: AiUDAC4ri1LRVdYzlWdsb2JhbABZgz9TrGCSXIEUCBYOAQEBAQcNCQkSKoIlAQEFQAEbCQkLAQMMBgULDQ0hIgERAQUBChIGExKHXAEDDw2jZoxXgwmEPQoZJwMKZIhmAQUMj0sHhDEDliiBaIEvjnIYKYRUOw
X-IronPort-AV: E=Sophos;i="4.93,728,1378850400"; 
   d="scan'208";a="43715824"
Received: from mail-bk0-f51.google.com ([209.85.214.51])
  by mail2-smtp-roc.national.inria.fr with ESMTP/TLS/RC4-SHA; 19 Nov 2013 10:14:42 +0100
Received: by mail-bk0-f51.google.com with SMTP id 6so991200bkj.38
        for <caml-list@inria.fr>; Tue, 19 Nov 2013 01:14:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc:content-type;
        bh=1vVryXihgFUgZocsq0o/dXDHmc0xOhmuZExgWAvvUIA=;
        b=zltsqc8ZBs/XOz5/7kKdGZtYHPWrz9aXWI8jYwO+PTWKfNZdeJ3p/mIRFZlCE9ffRs
         B3z5IzeX3IFDdbxGznmrV5gHmba6GSo6viUtg7NAUbuQef16v9MINmydWmhHJPJdGNkT
         04eSHynXQEj5rPlNMjBJYxB3IwWdDIn6rAflAYoRpr1nvzFNXEXLy+F1U6Mfhqz2qaCk
         OK5QFiWvvqdKiuTfhJoxUmdx5P1fNbhot4COMOyRkP5yyKyIQBwzQ+70BBa75wrgc7KI
         Dz41XHizyjddjVGLW/Ljes16BTyd5hDMkwK4W6ssylAvh62ctuGYfEHGZUUJBR3cISgE
         /s+g==
X-Received: by 10.205.14.197 with SMTP id pr5mr58864bkb.33.1384852482027; Tue,
 19 Nov 2013 01:14:42 -0800 (PST)
MIME-Version: 1.0
Received: by 10.204.122.72 with HTTP; Tue, 19 Nov 2013 01:14:01 -0800 (PST)
In-Reply-To: <CAC3Lx=ZrsHau9NicrwTjz-Lt7R5ysdrh4S3KVMOc1vZAAhJpvA@mail.gmail.com>
References: <20131118204426.GA14731@annexia.org> <1384819720.4083.57.camel@zotac>
 <CAC3Lx=ZrsHau9NicrwTjz-Lt7R5ysdrh4S3KVMOc1vZAAhJpvA@mail.gmail.com>
From: Gabriel Scherer <gabriel.scherer@gmail.com>
Date: Tue, 19 Nov 2013 10:14:01 +0100
Message-ID: <CAPFanBGiuiYCe1Y8KKy+CB-P7xg6rkke0qU9CLpiB0xo89ziNQ@mail.gmail.com>
To: David MENTRE <dmentre@linux-france.org>
Cc: Gerd Stolpmann <info@gerd-stolpmann.de>, "Richard W.M. Jones" <rich@annexia.org>, 
	caml users <caml-list@inria.fr>
Content-Type: text/plain; charset=ISO-8859-1
Subject: Re: [Caml-list] Hardening [Perl's] hash function further

I've thought about this during the last debate on randomized hashing
(which I think is now known to be ineffective, as implemented, to be
secure), and I think a reasonable goal would be to use a balanced tree
of buckets to a good worst-case, instead of fighting at the hash
function level. As said at the time, this is what Core use, but I'm
not sure what the bookkeeping overhead is against current hashtables.
I hope it's possible to fight the constants to get something in the
same performance ballpark.

On Tue, Nov 19, 2013 at 8:53 AM, David MENTRE <dmentre@linux-france.org> wrote:
> Hello,
>
> 2013/11/19 Gerd Stolpmann <info@gerd-stolpmann.de>:
>> This article is more or less discussing cryptoattacks on an insecure
>> hash function, and the new versions of the functions are only "better"
>> but in no way safe (which you only get with crypto hashes or
>> dictionaries that don't allow collisions).
>
> Which in turn raises the question: Who has the responsibility to
> implement such hashes that can be exposed to the Internet: OCaml
> standard library or dedicated frameworks like OCamlNet or Ocsigen? In
> other words, shouldn't we keep simple hashes in the OCaml standard
> library (for people making regular programs) and let people making web
> applications chose the proper crypto hash in a specialized library?
>
> Best regards,
> david
>
> --
> Caml-list mailing list.  Subscription management and archives:
> https://sympa.inria.fr/sympa/arc/caml-list
> Beginner's list: http://groups.yahoo.com/group/ocaml_beginners
> Bug reports: http://caml.inria.fr/bin/caml-bugs