| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20141204081147.GA19030@gondor.apana.org.au> Date: Thu, 4 Dec 2014 16:11:47 +0800 From: Herbert Xu <herbert@...dor.apana.org.au> To: Thomas Graf <tgraf@...g.ch>, Daniel Borkmann <dborkman@...hat.com>, "David S. Miller" <davem@...emloft.net>, Theodore Ts'o <tytso@....edu>, netdev@...r.kernel.org, Linux Kernel Mailing List <linux-kernel@...r.kernel.org> Subject: Where exactly will arch_fast_hash be used Hi: While working on rhashtable it came to me that this whole concept of arch_fast_hash is flawed. CRCs are linear functions so it's fairly easy for an attacker to identify collisions or at least eliminate a large amount of search space (e.g., controlling the last bit of the hash result is almost trivial, even when you add a random seed). So what exactly are we going to use arch_fast_hash for? Presumably it's places where security is never goint to be an issue, right? Even if security wasn't an issue, straight CRC32 has really poor lower-order bit distribution, which makes it a terrible choice for a hash table that simply uses the lower-order bits. Cheers, -- Email: Herbert Xu <herbert@...dor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists