Issue #13017 has been updated by Shyouhei Urabe.


We looked at this issue at today's developer meeting.  However there were no cryptological experts.  We could not be sure about the safety of this change.

SipHash24 is slower, but it seems stronger than SipHash13 to me.  So I think it is at least safe to remain in current implementation.  Why not consider merging this in 2.5?

----------------------------------------
Feature #13017: Switch SipHash from SipHash24 to SipHash13
https://bugs.ruby-lang.org/issues/13017#change-62179

* Author: Yura Sokolov
* Status: Open
* Priority: Normal
* Assignee: 
* Target version: 
----------------------------------------
SipHash13 is secure enough to be used in hash-tables, and SipHash's author confirms that.
Rust already considered switch to SipHash13:
  https://github.com/rust-lang/rust/issues/29754#issue-116174313
Jean-Philippe Aumasson confirmation:
  https://github.com/rust-lang/rust/issues/29754#issuecomment-156073946
Merged pull request:
  https://github.com/rust-lang/rust/pull/33940

Github pull request https://github.com/ruby/ruby/pull/1501


---Files--------------------------------
0001-switch-SipHash-from-SipHash24-to-SipHash13-variant.patch (3.25 KB)


-- 
https://bugs.ruby-lang.org/

Unsubscribe: <mailto:ruby-core-request / ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>