Issue #13017 has been updated by Yura Sokolov.


But you can read what SipHash author (Jean-Philippe Aumasson) said about this in Rust discussion (link in issue text).

And Vladimir cites the best known attack is just "distinguisher" ie "attacker may differentiate output of SipHash13 from pure random". Given it is already known that ruby uses SipHash, attacker will no know anything new.

----------------------------------------
Feature #13017: Switch SipHash from SipHash24 to SipHash13
https://bugs.ruby-lang.org/issues/13017#change-62091

* Author: Yura Sokolov
* Status: Open
* Priority: Normal
* Assignee: 
* Target version: 
----------------------------------------
SipHash13 is secure enough to be used in hash-tables, and SipHash's author confirms that.
Rust already considered switch to SipHash13:
  https://github.com/rust-lang/rust/issues/29754#issue-116174313
Jean-Philippe Aumasson confirmation:
  https://github.com/rust-lang/rust/issues/29754#issuecomment-156073946
Merged pull request:
  https://github.com/rust-lang/rust/pull/33940

Github pull request https://github.com/ruby/ruby/pull/1501


---Files--------------------------------
0001-switch-SipHash-from-SipHash24-to-SipHash13-variant.patch (3.25 KB)


-- 
https://bugs.ruby-lang.org/

Unsubscribe: <mailto:ruby-core-request / ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>