From: Theodore Ts'o <tytso@mit.edu>
To: George Spelvin <linux@horizon.com>
Cc: adilger@dilger.ca, linux-ext4@vger.kernel.org
Subject: Re: [RFC] mke2fs -E hash_alg=siphash: any interest?
Date: Tue, 23 Sep 2014 19:22:06 -0400 [thread overview]
Message-ID: <20140923232206.GI17784@thunk.org> (raw)
In-Reply-To: <20140923230023.19419.qmail@ns.horizon.com>
On Tue, Sep 23, 2014 at 07:00:23PM -0400, George Spelvin wrote:
> It's worse than that. The dcache has an great hit rate, and you have to
> force misses. But if you actually hit the disk a lot, that will dwarf
> hashing performance into unmeasurability.
>
> So it requires a very cleverly designed benchmark to highlight it.
Well, yes. That's why I suggested doing something with a RAM disk.
Perhaps creating a huge number of zero length files, then unmounting
the the file system and remounting it, and then deleting the huge
number of zero length files.
If that doesn't show an improvement, then it's unlikely any real world
use case would likely show an improvement....
> By criterion 2, SipHash *is* significantly stronger: it's presented at
> crypto conferences, been studied, and is widely used.
>
> halfmd4 a very ad-hoc primitive that I don't think anyone's looked at
> seriously.
>
> It's not obviously terrible, and it's possible that halfmd4 is more work
> to break, but we won't know until someone with cryptanalytic skill takes
> a swing at it.
The other thing to consider is what you get if you manage to crack the
crypto, which is that you might be able to force the worst case
performance, and possibly cause a directory creation to fail with an
ENOENT if the huge number of hash collisions cause the two-level htree
to overfill.
Neither is going to get you a huge amount, so it this decreases the
incentive for someone to spend a lot of effort trying to attack the
system. I'm quite certain though that if there is some way such a
failure could cause an Iranian nuclear centrifuge to fail
catastrophically, our friends at Fort Meade would have absolutely no
problems finding an attack. After all, they did for MD5. :-)
Cheers,
- Ted
next prev parent reply other threads:[~2014-09-23 23:22 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-21 9:53 [RFC] mke2fs -E hash_alg=siphash: any interest? George Spelvin
2014-09-21 17:55 ` Theodore Ts'o
2014-09-21 21:04 ` linux
2014-09-21 22:08 ` TR Reardon
2014-09-22 2:31 ` George Spelvin
2014-09-22 17:09 ` Theodore Ts'o
2014-09-22 23:14 ` George Spelvin
2014-09-22 1:17 ` Theodore Ts'o
2014-09-23 22:25 ` Andreas Dilger
2014-09-23 23:00 ` George Spelvin
2014-09-23 23:22 ` Theodore Ts'o [this message]
2014-09-24 0:37 ` George Spelvin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140923232206.GI17784@thunk.org \
--to=tytso@mit.edu \
--cc=adilger@dilger.ca \
--cc=linux-ext4@vger.kernel.org \
--cc=linux@horizon.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.