From: shyouhei@...
Date: 2017-01-09T07:51:29+00:00
Subject: [ruby-core:79022] [Ruby trunk Feature#13017] Switch SipHash from SipHash24 to SipHash13

Issue #13017 has been updated by Shyouhei Urabe.

Yura Sokolov wrote:
> Cryptanalysis of SipHash (and best result for SipHash13)
> https://eprint.iacr.org/2014/722.pdf

Thank you for the info. From what I read, the "best result" the paper gives for SipHash13 is a collision probability of 2^-167. Because SipHash's internal state is 256 bits long, a birthday attack against it finds a collision with 2^-128 probability. In short, the paper says there is no efficient way to attack SipHash13 (yet).

To me it's now OK to say SipHash13 has enough evidence to be safe. Let me +1.

----------------------------------------
Feature #13017: Switch SipHash from SipHash24 to SipHash13
https://bugs.ruby-lang.org/issues/13017#change-62430

* Author: Yura Sokolov
* Status: Open
* Priority: Normal
* Assignee:
* Target version:
----------------------------------------
SipHash13 is secure enough to be used in hash-tables, and SipHash's author confirms that.

Rust already considered switching to SipHash13:
https://github.com/rust-lang/rust/issues/29754#issue-116174313

Jean-Philippe Aumasson's confirmation:
https://github.com/rust-lang/rust/issues/29754#issuecomment-156073946

Merged pull request:
https://github.com/rust-lang/rust/pull/33940

GitHub pull request:
https://github.com/ruby/ruby/pull/1501

---Files--------------------------------
0001-switch-SipHash-from-SipHash24-to-SipHash13-variant.patch (3.25 KB)

--
https://bugs.ruby-lang.org/