Libsodium documentation
  • Introduction
  • Installation
  • Quickstart and FAQ
  • Projects using libsodium
  • Commercial support
  • Bindings for other languages
  • Usage
  • Helpers
  • Padding
  • Secure memory
  • Generating random data
  • Secret-key cryptography
    • Authenticated encryption
    • Encrypted streams and file encryption
    • Encrypting a set of related messages
    • Authentication
    • AEAD constructions
      • ChaCha20-Poly1305
        • Original ChaCha20-Poly1305 construction
        • IETF ChaCha20-Poly1305 construction
        • XChaCha20-Poly1305 construction
      • AEGIS-256
      • AEGIS-128L
      • AES256-GCM
        • AES256-GCM with precomputation
  • Public-key cryptography
    • Authenticated encryption
    • Public-key signatures
    • Sealed boxes
  • Hashing
    • Generic hashing
    • Short-input hashing
  • Password hashing
    • The pwhash* API
  • Key derivation
    • HKDF
  • Key exchange
  • Advanced
    • SHA-2
    • HMAC-SHA-2
    • The Scrypt function
    • Point*scalar multiplication
    • One-time authentication
    • Stream ciphers
      • ChaCha20
      • XChaCha20
      • Salsa20
      • XSalsa20
    • Ed25519 to Curve25519
    • Finite field arithmetic
      • Ristretto
    • Custom RNG
  • Internals
  • Roadmap
Powered by GitBook
On this page
  • Example
  • Purpose
  • Usage
  • Constants
  • Algorithm details
  • Notes
  1. Hashing

Short-input hashing

Example

#define SHORT_DATA ((const unsigned char *) "Sparkling water")
#define SHORT_DATA_LEN 15

unsigned char hash[crypto_shorthash_BYTES];
unsigned char key[crypto_shorthash_KEYBYTES];

crypto_shorthash_keygen(key);
crypto_shorthash(hash, SHORT_DATA, SHORT_DATA_LEN, key);

Purpose

Many applications and programming language implementations were recently found to be vulnerable to denial-of-service (DoS) attacks when a hash function with weak security guarantees, such as MurmurHash3, was used to construct a hash table.

To address this, Sodium provides the crypto_shorthash() function, which outputs short but unpredictable (without knowing the secret key) values suitable for picking a list in a hash table for a given key.

This function is optimized for short inputs.

The output of this function is only 64 bits. Therefore, it should not be considered collision-resistant.

Use cases:

  • Hash tables

  • Probabilistic data structures, such as Bloom filters

  • Integrity checking in interactive protocols

Usage

int crypto_shorthash(unsigned char *out, const unsigned char *in,
                     unsigned long long inlen, const unsigned char *k);

Compute a fixed-size (crypto_shorthash_BYTES bytes) fingerprint for the message in whose length is inlen bytes, using the key k.

The k is crypto_shorthash_KEYBYTES bytes and can be created using crypto_shorthash_keygen().

The same message hashed with the same key will always produce the same output.

Constants

  • crypto_shorthash_BYTES

  • crypto_shorthash_KEYBYTES

Algorithm details

SipHash-2-4

Notes

  • The key must remain secret. This function will not provide any mitigations against DoS attacks if the key is known from attackers.

  • libsodium >= 1.0.12 also implements a variant of SipHash with the same key size but a 128-bit output, accessible as crypto_shorthash_siphashx24().

PreviousGeneric hashingNextPassword hashing

Last updated 1 year ago

When building hash tables, it is recommended to use a prime number for the table size. This ensures that all bits from the output of the hash function are being used. Mapping the range of the hash function to [0..N) can be done efficiently .

without modulo reduction