On Tue, Feb 20, 2007 at 07:49:11AM -0800, Michael K. Edwards ([EMAIL
PROTECTED]) wrote:
> On 2/20/07, Evgeniy Polyakov <[EMAIL PROTECTED]> wrote:
> >Jenkins _does_ have them, I showed tests half a year ago and in this
> >thread too. Actually _any_ hash has them it is just a matter of time
> >to find one.
>
> I think you misunderstood me. If you are trying to DoS me from
> outside with a hash collision attack, you are trying to feed me
> packets that fall into the same hash bucket. The Jenkins hash does
> not have to be artifact-free, and does not have to be
> cryptographically strong. It just has to do a passable job of mixing
> a random salt into the tuple, so you don't know which string of
> packets to feed me in order to fill one (or a few) of my buckets.
> XORing salt into a folded tuple doesn't help; it just permutes the
> buckets.
Adding XOR with constant value does not change distribution.
Variable salt will end up with differnet buckets for the same flow.
It is forbidden - it is not the situation created for passwd/des decades
ago.
> Cheers,
> - Michael
--
Evgeniy Polyakov
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
