Hacker News new | ask | show | jobs
by haberman 3622 days ago
Please be aware that many common hash functions are easy to generate collisions for independent of the seed. This includes both MurmurHash and CityHash. These aren't poorly-designed hash functions: they have excellent distribution characteristics. But the way they use their seed wasn't designed to resist this kind of attack.
1 comments
Scaevolus 3621 days ago
Rather than "poorly-designed", I should have said "cryptographically insecure".

Most hash functions are engineered for speed and collision resistance, in that order. Trading collision resistance for speed is worthwhile for many workloads, since it barely affects the average case.

link
haberman 3621 days ago
> Most hash functions are engineered for speed and collision resistance, in that order.

I disagree with that assessment. I think most hash functions are designed for speed and good distribution of outputs given normal inputs. But designing to resist collisions against someone trying to deliberately create them is a different thing entirely.

> Trading collision resistance for speed is worthwhile for many workloads, since it barely affects the average case.

I think that is far from established. SipHash is marketed under this premise, but from what I have heard it is significantly slower, particularly for short inputs.

link
Scaevolus 3621 days ago
Yes, speed for normal inputs is what's generally desired.

A faster hash function can yield better overall performance than having fewer collisions. Here's some empirical evidence for this: https://www.strchr.com/hash_functions

The speed is correlated only weakly with the number of collisions-- and using the modern x86 CRC32 instruction yields the best results.

link
nickpsecurity 3621 days ago
I suggest somebody test SpookyHash-128 similarly to those to see how it performs. Designed to be collision resistant and fast.

http://www.burtleburtle.net/bob/hash/spooky.html

link
CiPHPerCoder 3620 days ago
Why not SipHash? https://www.131002.net/siphash/
link
nickpsecurity 3620 days ago
Cuz I either forgot it or never heard of it. Also looks to be one Perl comments are referencing. Has good performance and published cryptanalysis. That's awesome! Looks to be good default for this sort of thing. Thanks for the link. Definitely going in bookmarks & probably future apps :)
link