Re: ipv6 connection hash function wanted ...



Oliver Fromme wrote:
Max Laier wrote:
David Malone wrote:
Assuming you don't want to use one of the standard cryptographic
ones (which I can imagine being a bit slow for something done
per-packet), then one option might be to use a simpler hash that
is keyed. Choose the key at boot/module load time and make it hard
to produce collisions unless you know the key.

That's exactly what I am looking for ... now I need someone[tm] - with
better Math-Knowledge than mine - to write such a thing down in a simple
formula :-) i.e. take those bits from there and there and XOR them with
your canary yada-yada-yada ...

In that case, simply use crc32 (available from libkern.h)
and xor with a random key generated at boot time. crc32
is fast to calculate and has the properties that you need.

Uhm, sorry, after reading that sentence again and thinking
about it, it seems to be misleading.

You have to xor with a random key _first_, and _then_
calculate the crc32 value. If you did it the other way,
the random key would not prevent collisions at all,
because: same_crc ^ same_key == same_hash. ;-)

Suppose a malicious user is able to create two different
sets of connection parameters (P1 and P2) which have the
same CRC32 value (without using a key):

P1 != P2
crc32(P1) == crc32(P2)

If you xor (or add) the random key K to the parameters,
it will change the outcome of the crc32 calculation in
different ways:

crc32(P1 ^ K) != crc32(P2 ^ K)

Best regards
Oliver

--
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

"I made up the term 'object-oriented', and I can tell you
I didn't have C++ in mind."
-- Alan Kay, OOPSLA '97
_______________________________________________
freebsd-net@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@xxxxxxxxxxx"
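
Added example (not part of the original message and not FreeBSD code): a check that can be run on the XOR-then-CRC32 scheme discussed in the message, measuring whether the key K changes which pairs of equal-length connection parameters hash alike. `PLEN`, `keyed_crc32` and `key_dependent_trials` are names assumed here, the bitwise CRC-32 stands in for the kernel routine, and the parameters and keys are constructed test data.

```c
#include <stdint.h>
#include <stdio.h>

#define PLEN 36 /* constructed: two 16-byte IPv6 addresses + two 16-bit ports */

/* Bitwise CRC-32 (reflected polynomial 0xEDB88320), a stand-in for the kernel routine. */
static uint32_t crc32_buf(const uint8_t *p, size_t n)
{
    uint32_t c = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        c ^= p[i];
        for (int b = 0; b < 8; b++)
            c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return c ^ 0xFFFFFFFFu;
}
/* The scheme from the message: XOR key K into the parameters, then take the CRC. */
static uint32_t keyed_crc32(const uint8_t *p, const uint8_t *k)
{
    uint8_t t[PLEN];
    for (size_t i = 0; i < PLEN; i++)
        t[i] = p[i] ^ k[i];
    return crc32_buf(t, PLEN);
}
/* xorshift32, used only to build constructed test data (not a key source). */
static uint32_t rnd_state = 0x12345678u;
static uint8_t rnd_byte(void)
{
    rnd_state ^= rnd_state << 13;
    rnd_state ^= rnd_state >> 17;
    rnd_state ^= rnd_state << 5;
    return (uint8_t)(rnd_state >> 24);
}
/* Counts trials where H_K(P1) ^ H_K(P2) differs from crc(P1) ^ crc(P2).
 * 0 means K never changes which parameter pairs collide. */
static int key_dependent_trials(int trials)
{
    uint8_t p1[PLEN], p2[PLEN], k[PLEN], zero[PLEN] = {0};
    int changed = 0;
    for (int t = 0; t < trials; t++) {
        for (size_t i = 0; i < PLEN; i++) {
            p1[i] = rnd_byte(); p2[i] = rnd_byte(); k[i] = rnd_byte();
        }
        changed += (keyed_crc32(p1, k) ^ keyed_crc32(p2, k)) !=
                   (keyed_crc32(p1, zero) ^ keyed_crc32(p2, zero));
    }
    return changed;
}
int main(void) { printf("%d\n", key_dependent_trials(1000)); return 0; }
```

The count is 0: CRC-32 is affine over GF(2) for fixed-length input, so crc32(P1 ^ K) ^ crc32(P2 ^ K) equals crc32(P1) ^ crc32(P2) for every K, and a pair that collides without the key still collides with it.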


