From mboxrd@z Thu Jan 1 00:00:00 1970 From: Evgeniy Polyakov Subject: Re: Extensible hashing and RCU Date: Tue, 20 Feb 2007 18:59:28 +0300 Message-ID: <20070220155928.GA26600@2ka.mipt.ru> References: <200702191913.08125.dada1@cosmosbay.com> <20070220092523.GA6238@2ka.mipt.ru> <200702201104.16200.dada1@cosmosbay.com> <20070220.021209.39159087.davem@davemloft.net> <20070220151119.GA17326@2ka.mipt.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Cc: David Miller , dada1@cosmosbay.com, akepner@sgi.com, linux@horizon.com, netdev@vger.kernel.org, bcrl@kvack.org To: "Michael K. Edwards" Return-path: Received: from relay.2ka.mipt.ru ([194.85.82.65]:34064 "EHLO 2ka.mipt.ru" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S965190AbXBTQBb (ORCPT ); Tue, 20 Feb 2007 11:01:31 -0500 Content-Disposition: inline In-Reply-To: Sender: netdev-owner@vger.kernel.org List-Id: netdev.vger.kernel.org On Tue, Feb 20, 2007 at 07:49:11AM -0800, Michael K. Edwards (medwards.linux@gmail.com) wrote: > On 2/20/07, Evgeniy Polyakov wrote: > >Jenkins _does_ have them, I showed tests half a year ago and in this > >thread too. Actually _any_ hash has them it is just a matter of time > >to find one. > > I think you misunderstood me. If you are trying to DoS me from > outside with a hash collision attack, you are trying to feed me > packets that fall into the same hash bucket. The Jenkins hash does > not have to be artifact-free, and does not have to be > cryptographically strong. It just has to do a passable job of mixing > a random salt into the tuple, so you don't know which string of > packets to feed me in order to fill one (or a few) of my buckets. > XORing salt into a folded tuple doesn't help; it just permutes the > buckets. Adding XOR with constant value does not change distribution. Variable salt will end up with differnet buckets for the same flow. It is forbidden - it is not the situation created for passwd/des decades ago. > Cheers, > - Michael -- Evgeniy Polyakov