bad seed protection
rurban opened this issue · 3 comments
This hash function is, like all MUM hashes, vulnerable to some bad seeds, which when randomly selected by chance lead to security vulnerabilities, at least a high number of collisions independent of the key.
Please add a seed_init function and change the initial seed if you hit one of the bad seeds. See latest wyhash.
These bad seeds for final 3 (latest) are:
```cpp
static void wyhash_seed_init(uint64_t &seed) { // yes, 2^33 bad values
  if ((seed & 0x14cc886e) || (seed & 0x1bf4ed84))
    seed++;
}
static void wyhash32_seed_init(uint32_t &seed) {
  if ((seed == 0x429dacdd) || (seed == 0xd637dbf3))
    seed++;
}
```
The CONDOM 2 variant should also work, but I haven't finished testing it yet.
I haven't tested for your older final1; you can use the new smhasher BadSeeds test for it. final 3 is much faster on newer HW though. The magic numbers on final1 and 2 are a bit different, I think.
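An added illustration, not part of the original post and not code from wyhash or smhasher: a toy multiply-and-fold hash in which one seed makes every key hash to the same value, a small scan that finds that seed by counting distinct outputs, and a `seed_init`-style guard. The hash, its constants (`TOY_SECRET`, `TOY_KEY_MASK`) and all function names are constructed for this example.

```cpp
#include <cstdint>
#include <cstdio>
#include <set>
#include <vector>

// Constructed constants for a toy hash; these are NOT wyhash's secrets.
static const uint32_t TOY_SECRET = 0x53c5ca59u;
static const uint32_t TOY_KEY_MASK = 0xa0761d65u;

// MUM-style mixer: 32x32 -> 64-bit multiply, then fold the two halves.
static uint32_t mum32(uint32_t a, uint32_t b) {
    uint64_t p = static_cast<uint64_t>(a) * b;
    return static_cast<uint32_t>(p >> 32) ^ static_cast<uint32_t>(p);
}

// Toy seeded hash of a 4-byte key. If seed == TOY_SECRET the second
// operand is 0, the product is 0, and every key hashes to 0.
static uint32_t toy_hash(uint32_t key, uint32_t seed) {
    return mum32(key ^ TOY_KEY_MASK, seed ^ TOY_SECRET);
}

// Number of distinct hash values over keys 0..n-1 for one seed.
static size_t distinct_outputs(uint32_t seed, uint32_t n) {
    std::set<uint32_t> seen;
    for (uint32_t k = 0; k < n; ++k) seen.insert(toy_hash(k, seed));
    return seen.size();
}

// Scan seeds in [lo, hi] and report those whose outputs collapse.
static std::vector<uint32_t> find_bad_seeds(uint32_t lo, uint32_t hi, uint32_t n) {
    std::vector<uint32_t> bad;
    for (uint64_t s = lo; s <= hi; ++s)
        if (distinct_outputs(static_cast<uint32_t>(s), n) < n / 2)
            bad.push_back(static_cast<uint32_t>(s));
    return bad;
}

// Guard in the style of the seed_init functions above: step off a bad seed.
static uint32_t toy_seed_init(uint32_t seed) {
    if (seed == TOY_SECRET) seed++;
    return seed;
}

int main() {
    for (uint32_t s : find_bad_seeds(TOY_SECRET - 8, TOY_SECRET + 8, 1000))
        std::printf("bad seed: 0x%08x\n", static_cast<unsigned>(s));
    return 0;
}
```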
@rurban I think this should be created in the Zig repo?
Because this implementation was added into Zig as the official default hash function.
Yes, can you do that?
Yes