| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 21 Feb 2007 11:56:08 +0300 From: Evgeniy Polyakov <johnpol@....mipt.ru> To: "Michael K. Edwards" <medwards.linux@...il.com> Cc: Eric Dumazet <dada1@...mosbay.com>, David Miller <davem@...emloft.net>, akepner@....com, linux@...izon.com, netdev@...r.kernel.org, bcrl@...ck.org Subject: Re: Extensible hashing and RCU On Tue, Feb 20, 2007 at 12:09:59PM -0800, Michael K. Edwards (medwards.linux@...il.com) wrote: > On 2/20/07, Michael K. Edwards <medwards.linux@...il.com> wrote: > >Correct. That's called a "weak hash", and Jenkins is known to be a > >thoroughly weak hash. That's why you never, ever use it without a > >salt, and you don't let an attacker inspect the hash output either. > > Weak in a cryptographic sense, of course. Excellent avalanche > behavior, though, which is what you care about in a salted hash. > http://en.wikipedia.org/wiki/Hash_table I repeat again - add your salt into jenkins hash and I will show you that it has the same problems. So, I'm waiting for your patch for jhash_*_words(). > I know nothing about data structures and algorithms except what I read > on the Internet. But you'd be amazed what's on the Internet. > > Cheers, > - Michael -- Evgeniy Polyakov - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists