[cryptography] [zfs] [Review] 4185 New hash algorithm support

Joachim Strömbergson Joachim at Strombergson.com
Tue Oct 22 08:34:29 EDT 2013

Hash: SHA1


CodesInChaos wrote:
> Is SipHash really that fast in this context? AFAIK it's only much 
> faster for short strings, since its block size is so small.

Actually it is the other way around. It is not that SipHash is bad for
long messages, it is that SipHash is oven more _much_ faster for small
messages than other MACs because the low total overhead. But the per
block overhead in SipHash is zero i.e. no setup, just round processing.
This means that SipHash (just lika many other algs) is more efficient
for longer messages than shorter.

The amortized cost for arbitrarily long messages is two rounds. For a
single block 32 Byte block message the cost is two plus four rounds,
which is worst case cost. If you use SipHash-2-4 that is.

> The downsides of SipHash are:
> * lack of collision resistance when the key is known * small 64 bit
> output, which means that collisions will happen frequently and need
> to be handled

I think those are much more relevant arguments.

- -- 
Med vänlig hälsning, Yours

Joachim Strömbergson - Alltid i harmonisk svängning.
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/


More information about the cryptography mailing list