Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
SipHash is a cryptographically strong MAC designed for use in hash tables. Previously
Redis switched to murmur2 to try to prevent hash flooding DoS attacks:
da920e7
Unfortunately, murmur2 and murmur3 are both easy to attack, as there are algorithms which
can quickly generate arbitrarily many keys that all hash to the same value regardless of
what the seed is:
https://www.131002.net/siphash/murmur2collisions-20120821.tar.gz
By switching to SipHash, we get strong resistance to this kind of attack, without any
noticeable slowdown on either redis-benchmark or "DEBUG POPULATE 1000000". According to
the SUPERCOP benchmarks, this good hash performance holds true for both large and small
keys across all CPU architectures and models tested:
http://bench.cr.yp.to/impl-auth/siphash24.html
This patch also switches to using /dev/urandom as a source of high-quality randomness for
key generation on server startup, unless it is unavailable, in which case time and pid
are used instead.