Last updated
Last updated
Many applications and programming language implementations were recently found to be vulnerable to denial-of-service (DoS) attacks when a hash function with weak security guarantees, such as MurmurHash3, was used to construct a hash table.
To address this, Sodium provides the crypto_shorthash()
function, which outputs short but unpredictable (without knowing the secret key) values suitable for picking a list in a hash table for a given key.
This function is optimized for short inputs.
The output of this function is only 64 bits. Therefore, it should not be considered collision-resistant.
Use cases:
Hash tables
Probabilistic data structures, such as Bloom filters
Integrity checking in interactive protocols
Compute a fixed-size (crypto_shorthash_BYTES
bytes) fingerprint for the message in
whose length is inlen
bytes, using the key k
.
The k
is crypto_shorthash_KEYBYTES
bytes and can be created using crypto_shorthash_keygen()
.
The same message hashed with the same key will always produce the same output.
crypto_shorthash_BYTES
crypto_shorthash_KEYBYTES
SipHash-2-4
The key must remain secret. This function will not provide any mitigations against DoS attacks if the key is known from attackers.
libsodium >= 1.0.12 also implements a variant of SipHash with the same key size but a 128-bit output, accessible as crypto_shorthash_siphashx24()
.
When building hash tables, it is recommended to use a prime number for the table size. This ensures that all bits from the output of the hash function are being used. Mapping the range of the hash function to [0..N)
can be done efficiently .