Comment on page
#define SHORT_DATA ((const unsigned char *) "Sparkling water")
#define SHORT_DATA_LEN 15
unsigned char hash[crypto_shorthash_BYTES];
unsigned char key[crypto_shorthash_KEYBYTES];
crypto_shorthash(hash, SHORT_DATA, SHORT_DATA_LEN, key);
Many applications and programming language implementations were recently found to be vulnerable to denial-of-service (DoS) attacks when a hash function with weak security guarantees, such as MurmurHash3, was used to construct a hash table.
To address this, Sodium provides the
crypto_shorthash()function, which outputs short but unpredictable (without knowing the secret key) values suitable for picking a list in a hash table for a given key.
This function is optimized for short inputs.
The output of this function is only 64 bits. Therefore, it should not be considered collision-resistant.
- Hash tables
- Probabilistic data structures, such as Bloom filters
- Integrity checking in interactive protocols
int crypto_shorthash(unsigned char *out, const unsigned char *in,
unsigned long long inlen, const unsigned char *k);
Compute a fixed-size (
crypto_shorthash_BYTESbytes) fingerprint for the message
inwhose length is
inlenbytes, using the key
crypto_shorthash_KEYBYTESbytes and can be created using
The same message hashed with the same key will always produce the same output.
- The key must remain secret. This function will not provide any mitigations against DoS attacks if the key is known from attackers.
- When building hash tables, it is recommended to use a prime number for the table size. This ensures that all bits from the output of the hash function are being used. Mapping the range of the hash function to
[0..N)can be done efficiently without modulo reduction.
- libsodium >= 1.0.12 also implements a variant of SipHash with the same key size but a 128-bit output, accessible as