Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:96039 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 42891 invoked from network); 20 Sep 2016 14:33:49 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 20 Sep 2016 14:33:49 -0000 Authentication-Results: pb1.pair.com header.from=scott@paragonie.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=scott@paragonie.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain paragonie.com designates 209.85.218.52 as permitted sender) X-PHP-List-Original-Sender: scott@paragonie.com X-Host-Fingerprint: 209.85.218.52 mail-oi0-f52.google.com Received: from [209.85.218.52] ([209.85.218.52:34535] helo=mail-oi0-f52.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id ED/68-19521-CC841E75 for ; Tue, 20 Sep 2016 10:33:48 -0400 Received: by mail-oi0-f52.google.com with SMTP id a62so23745488oib.1 for ; Tue, 20 Sep 2016 07:33:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paragonie-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=ECMJYS3PRbXqqj1QbZfUROiBh6HQg+AH0L/I/X7YPz0=; b=O65OkOnYAl//6RSvPIz6hB1dHRmzXNZv6ISNiF5ai14TlX+iZ86QjXbmBy5375oQTk d2MoUqpwPrv+HNa1OlFvbevV2xWxL8Nkw+Zcb1OH1HuTYh2dTFSg5Doi/BhamEynqMi4 ZW4SQ2fuDivMkZPwFKfNLdoAO9eJb3X+TpH5e4hKJFxRR5XRSLkUkWEhES9RdTkHgib5 aPTdrsigflxfWMirQdC7zMwLkxIY5uB++QdSI0l6RKu/WLU/0A1Vb4e5A7RAt2wkFo26 1hlDYl/+tlT6ea7Lbw67jpNPmAftq8ZRAGncjzaCoSTcdCPYPWrdyyaaXOpXNkPuJdLG xz3g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=ECMJYS3PRbXqqj1QbZfUROiBh6HQg+AH0L/I/X7YPz0=; b=NJiX22Bsp3gh+OiAxC0jyGCUgHOI4tRyo5auB4u9/rytaalUGDmaa7Z8ou2JxNCIao mkIPMMNBJ/h1Jw0gPl5iuIIld8pe7N48NSI3OF22B++IrXOpIziBBSnUNp3ZQlGDIbK5 Oi6jdG3zeMPideuUbhU7/Xhl1lyAXlqJEoKO+V3QkIvxwBxwlew+oucoSvhWKxmS6Jl1 JZLxgor9EgvJkWxerDYe8npdokRe8Gs3bdPV+yVCPgQY4xvlDC8RmSa+tnMDOzohEdgY P/QRpsfveJRAJlZcLrqOG3nL1pKM1OG00VThiMipYZFS0jbiJfvkSRSFG4UGccJK/P7l yBvg== X-Gm-Message-State: AE9vXwOhCmEzW6Px4mBBr14UL+QbBOMfbCmXFvX6zE8NfHntBbJVCtVPway/HNU9npFspWOOiVRmhA3x6DsO5w== X-Received: by 10.202.245.206 with SMTP id t197mr41167620oih.162.1474382025315; Tue, 20 Sep 2016 07:33:45 -0700 (PDT) MIME-Version: 1.0 Received: by 10.157.25.135 with HTTP; Tue, 20 Sep 2016 07:33:44 -0700 (PDT) In-Reply-To: References: <7d5727ba-da33-e3c5-1d1f-318c45d81616@cubiclesoft.com> Date: Tue, 20 Sep 2016 10:33:44 -0400 Message-ID: To: Yasuo Ohgaki Cc: Stanislav Malyshev , Thomas Hruska , PHP Internals Content-Type: multipart/alternative; boundary=001a113decbce1f1e7053cf15030 Subject: Re: [PHP-DEV] HashDoS From: scott@paragonie.com (Scott Arciszewski) --001a113decbce1f1e7053cf15030 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Sat, Sep 17, 2016 at 6:35 PM, Yasuo Ohgaki wrote: > Hi all, > > On Sat, Sep 17, 2016 at 5:13 PM, Stanislav Malyshev > wrote: > >> Significant degradation? > >> > >> SipHash 1-3 is almost as fast as HashDoS-vulnerable hash > >> functions: https://github.com/funny-falcon/funny_hash > > > > I see on this link comparison to Murmur3 - but that's not the function > > we are using. Is there a comparison to PHP one? > > Unfortunately, SipHash was a lot slower. BJB hash is simple and super > fast, even google's CityHash was a lot slower when I tested. (Sorry I > don't keep the number) > > I think we are better to limit max collisions. > I'm +1 for Nikita's proposal does this. > > Regards, > > -- > Yasuo Ohgaki > yohgaki@ohgaki.net > As long as the pro=E2=80=8Bblem gets solved, I'm not in favor of any partic= ular solution. I do find this amusing, though: the author of djb3 was Daniel J Bernstein, who also helped develop SipHash. I guess non-cryptographic hash functions are a small world. Nikita: - Do you think your proposed strategy can solve this problem entirely without dropping djb3? - Would randomization still help as a defense-in-depth? To elaborate on the second question: even a 4-byte prefix for the hash function inputs that's randomly generated at $appropriateIntervalHere might make intentional collisions harder to trigger. (Then again, maybe not! The underlying structure of djb3 isn't exactly cryptographic.) To be clear, "Yes this is entirely solved without switching away from djb" + "No, randomization just hurts opcache and doesn't buy us any security" are an acceptable set of answers to these questions. I just wanted to ask. Scott Arciszewski Chief Development Officer Paragon Initiative Enterprises --001a113decbce1f1e7053cf15030--