Issue #13017 has been updated by Shyouhei Urabe.


I was learning about SipHash13 this holiday season.

I understand that the whole concept of using SipHash as hash function of hash tables is to resist hashDoS-analogous attacks.  If hashDoS aws not a problem then we could use more fast-but-insecure hash function at will.  Then how about SipHash13? The SipHash author says SipHash13 is fast _and_ safe, but so far I have not been successful to find any reason why.  To be fair I also have not found any evidence that it is insufficient.  Instead, I found that HighwayHash author published a paper very recently https://arxiv.org/pdf/1612.06257.pdf which includes some empirical experiments against SipHash13 (seems no problem to me).

At this point I think we have 2 options (1) trust the author anyways, or (2) ask him to disclose the reason behind his opinion.  My private feeling is that "it's fine because someone says it's fine" does not sound like a security decision.  But if we decide to give it a try, it is also OK to me because SipHash13 does seem safe to me (from an amateur point of view).

----------------------------------------
Feature #13017: Switch SipHash from SipHash24 to SipHash13
https://bugs.ruby-lang.org/issues/13017#change-62368

* Author: Yura Sokolov
* Status: Open
* Priority: Normal
* Assignee: 
* Target version: 
----------------------------------------
SipHash13 is secure enough to be used in hash-tables, and SipHash's author confirms that.
Rust already considered switch to SipHash13:
  https://github.com/rust-lang/rust/issues/29754#issue-116174313
Jean-Philippe Aumasson confirmation:
  https://github.com/rust-lang/rust/issues/29754#issuecomment-156073946
Merged pull request:
  https://github.com/rust-lang/rust/pull/33940

Github pull request https://github.com/ruby/ruby/pull/1501


---Files--------------------------------
0001-switch-SipHash-from-SipHash24-to-SipHash13-variant.patch (3.25 KB)


-- 
https://bugs.ruby-lang.org/

Unsubscribe: <mailto:ruby-core-request / ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>