Switch hash function to SipHash. #718
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
SipHash is a cryptographically strong MAC designed for use in hash tables. Previously Redis switched to murmur2 to try to prevent hash flooding DoS attacks: redis@da920e7 Unfortunately, murmur2 and murmur3 are both easy to attack, as there are algorithms which can quickly generate arbitrarily many keys that all hash to the same value regardless of what the seed is: https://www.131002.net/siphash/murmur2collisions-20120821.tar.gz By switching to SipHash, we get strong resistance to this kind of attack, without any noticeable slowdown on either redis-benchmark or "DEBUG POPULATE 1000000". According to the SUPERCOP benchmarks, this good hash performance holds true for both large and small keys across all CPU architectures and models tested: http://bench.cr.yp.to/impl-auth/siphash24.html This patch also switches to using /dev/urandom as a source of high-quality randomness for key generation on server startup, unless it is unavailable, in which case time and pid are used instead.
… randomization in case-insensitive hash function, since it's never used on user-supplied keys, and the 5381 constant empirically gives good results.
|
The second commit was needed to make GCC 4.5 happy; previously I'd only tested with Clang/MacOS, but now I've also tested with GCC/Linux. All tests pass, and as before, the performance difference is negligible. (On my tests, the new code usually looks slightly faster, but the difference is in the noise.) |
|
Thanks, this feature is approved, I'll merge in the next days after review and speed regression testing. |
|
Has been replaced with SipHash at adeed29. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
SipHash is a cryptographically strong MAC designed for use in hash tables. Previously
Redis switched to murmur2 to try to prevent hash flooding DoS attacks:
da920e7
Unfortunately, murmur2 and murmur3 are both easy to attack, as there are algorithms which
can quickly generate arbitrarily many keys that all hash to the same value regardless of
what the seed is:
https://www.131002.net/siphash/murmur2collisions-20120821.tar.gz
By switching to SipHash, we get strong resistance to this kind of attack, without any
noticeable slowdown on either redis-benchmark or "DEBUG POPULATE 1000000". According to
the SUPERCOP benchmarks, this good hash performance holds true for both large and small
keys across all CPU architectures and models tested:
http://bench.cr.yp.to/impl-auth/siphash24.html
This patch also switches to using /dev/urandom as a source of high-quality randomness for
key generation on server startup, unless it is unavailable, in which case time and pid
are used instead.