Issue #13017 has been updated by Shyouhei Urabe.


Yura Sokolov wrote:
> Cryptanalysis of SipHash (and best result for SipHash13)
> https://eprint.iacr.org/2014/722.pdf

Thank you for the info.  From what I read, the "best result" the paper reports for SipHash13 is a collision probability of 2^-167.  Because SipHash's internal state is 256 bits long, a birthday attack against it finds a collision with 2^-128 probability.

In short, the paper says there is no efficient way to attack SipHash13 (yet).  To me it's now OK to say SipHash13 has enough evidence to be safe.  Let me +1.

----------------------------------------
Feature #13017: Switch SipHash from SipHash24 to SipHash13
https://bugs.ruby-lang.org/issues/13017#change-62430

* Author: Yura Sokolov
* Status: Open
* Priority: Normal
* Assignee: 
* Target version: 
----------------------------------------
SipHash13 is secure enough to be used in hash-tables, and SipHash's author confirms that.
Rust already considered switching to SipHash13:
  https://github.com/rust-lang/rust/issues/29754#issue-116174313
Jean-Philippe Aumasson's confirmation:
  https://github.com/rust-lang/rust/issues/29754#issuecomment-156073946
Merged pull request:
  https://github.com/rust-lang/rust/pull/33940

GitHub pull request: https://github.com/ruby/ruby/pull/1501


---Files--------------------------------
0001-switch-SipHash-from-SipHash24-to-SipHash13-variant.patch (3.25 KB)


-- 
https://bugs.ruby-lang.org/
