FAQ
Good day, Go's developers.

It feels like fallback functions (hash32.go and hash64.go) look to be very
strong against "hash-flood" attack (aka "Seed Independent
Collisions"-"SIC").
Did anyone investigated possibility of such attack on this functions?
Could it be an article written about (for example, at blog.golang.org , or
someones personal blog)?

While many languages have switched to SipHash to protect against
"hash-flood", I believe it were a big mistake.
Fast non-cryptographic function certainly should exist which is resistant
to "SIC".
Looks like, Go's fallback function is very good candidate to be such
function.

If someone may make competent claim about, it will be good for wide
adoption of this function in other programming languages.

With regards,
Sokolov Yura aka funny_falcon.


--
You received this message because you are subscribed to the Google Groups "golang-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to golang-dev+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Search Discussions

  • Brad Fitzpatrick at May 10, 2016 at 2:34 pm
    Keith worked on making those resilient against hash flood attacks.

    On Tue, May 10, 2016 at 4:52 AM, Юрий Соколов wrote:

    Good day, Go's developers.

    It feels like fallback functions (hash32.go and hash64.go) look to be very
    strong against "hash-flood" attack (aka "Seed Independent
    Collisions"-"SIC").
    Did anyone investigated possibility of such attack on this functions?
    Could it be an article written about (for example, at blog.golang.org ,
    or someones personal blog)?

    While many languages have switched to SipHash to protect against
    "hash-flood", I believe it were a big mistake.
    Fast non-cryptographic function certainly should exist which is resistant
    to "SIC".
    Looks like, Go's fallback function is very good candidate to be such
    function.

    If someone may make competent claim about, it will be good for wide
    adoption of this function in other programming languages.

    With regards,
    Sokolov Yura aka funny_falcon.


    --
    You received this message because you are subscribed to the Google Groups
    "golang-dev" group.
    To unsubscribe from this group and stop receiving emails from it, send an
    email to golang-dev+unsubscribe@googlegroups.com.
    For more options, visit https://groups.google.com/d/optout.
    --
    You received this message because you are subscribed to the Google Groups "golang-dev" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to golang-dev+unsubscribe@googlegroups.com.
    For more options, visit https://groups.google.com/d/optout.
  • Keith Randall at May 10, 2016 at 3:08 pm
    I suppose I could write up a blog post about those (and aeshash, for that
    matter).

    On Tue, May 10, 2016 at 7:34 AM, Brad Fitzpatrick wrote:

    Keith worked on making those resilient against hash flood attacks.

    On Tue, May 10, 2016 at 4:52 AM, Юрий Соколов wrote:

    Good day, Go's developers.

    It feels like fallback functions (hash32.go and hash64.go) look to be
    very strong against "hash-flood" attack (aka "Seed Independent
    Collisions"-"SIC").
    Did anyone investigated possibility of such attack on this functions?
    Could it be an article written about (for example, at blog.golang.org ,
    or someones personal blog)?

    While many languages have switched to SipHash to protect against
    "hash-flood", I believe it were a big mistake.
    Fast non-cryptographic function certainly should exist which is resistant
    to "SIC".
    Looks like, Go's fallback function is very good candidate to be such
    function.

    If someone may make competent claim about, it will be good for wide
    adoption of this function in other programming languages.

    With regards,
    Sokolov Yura aka funny_falcon.


    --
    You received this message because you are subscribed to the Google Groups
    "golang-dev" group.
    To unsubscribe from this group and stop receiving emails from it, send an
    email to golang-dev+unsubscribe@googlegroups.com.
    For more options, visit https://groups.google.com/d/optout.
    --
    You received this message because you are subscribed to the Google Groups "golang-dev" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to golang-dev+unsubscribe@googlegroups.com.
    For more options, visit https://groups.google.com/d/optout.
  • Юрий Соколов at May 11, 2016 at 8:57 am
    It will be great!
    I suggest to write separate posts about 'fallback hash' and 'aeshash' to
    keep their size reasonable
    without sacrificing details.

    вторник, 10 мая 2016 г., 18:08:05 UTC+3 пользователь Keith Randall написал:
    I suppose I could write up a blog post about those (and aeshash, for that
    matter).


    On Tue, May 10, 2016 at 7:34 AM, Brad Fitzpatrick <brad...@golang.org
    <javascript:>> wrote:
    Keith worked on making those resilient against hash flood attacks.


    On Tue, May 10, 2016 at 4:52 AM, Юрий Соколов <funny....@gmail.com
    <javascript:>> wrote:
    Good day, Go's developers.

    It feels like fallback functions (hash32.go and hash64.go) look to be
    very strong against "hash-flood" attack (aka "Seed Independent
    Collisions"-"SIC").
    Did anyone investigated possibility of such attack on this functions?
    Could it be an article written about (for example, at blog.golang.org
    , or someones personal blog)?

    While many languages have switched to SipHash to protect against
    "hash-flood", I believe it were a big mistake.
    Fast non-cryptographic function certainly should exist which is
    resistant to "SIC".
    Looks like, Go's fallback function is very good candidate to be such
    function.

    If someone may make competent claim about, it will be good for wide
    adoption of this function in other programming languages.

    With regards,
    Sokolov Yura aka funny_falcon.


    --
    You received this message because you are subscribed to the Google
    Groups "golang-dev" group.
    To unsubscribe from this group and stop receiving emails from it, send
    an email to golang-dev+...@googlegroups.com <javascript:>.
    For more options, visit https://groups.google.com/d/optout.
    --
    You received this message because you are subscribed to the Google Groups "golang-dev" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to golang-dev+unsubscribe@googlegroups.com.
    For more options, visit https://groups.google.com/d/optout.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupgolang-dev @
categoriesgo
postedMay 10, '16 at 11:52a
activeMay 11, '16 at 8:57a
posts4
users3
websitegolang.org

People

Translate

site design / logo © 2021 Grokbase