From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Original-To: caml-list@sympa.inria.fr Delivered-To: caml-list@sympa.inria.fr Received: from mail3-relais-sop.national.inria.fr (mail3-relais-sop.national.inria.fr [192.134.164.104]) by sympa.inria.fr (Postfix) with ESMTPS id 605BF7EE25 for ; Tue, 19 Nov 2013 01:08:54 +0100 (CET) Received-SPF: None (mail3-smtp-sop.national.inria.fr: no sender authenticity information available from domain of info@gerd-stolpmann.de) identity=pra; client-ip=212.227.17.10; receiver=mail3-smtp-sop.national.inria.fr; envelope-from="info@gerd-stolpmann.de"; x-sender="info@gerd-stolpmann.de"; x-conformance=sidf_compatible Received-SPF: None (mail3-smtp-sop.national.inria.fr: no sender authenticity information available from domain of info@gerd-stolpmann.de) identity=mailfrom; client-ip=212.227.17.10; receiver=mail3-smtp-sop.national.inria.fr; envelope-from="info@gerd-stolpmann.de"; x-sender="info@gerd-stolpmann.de"; x-conformance=sidf_compatible Received-SPF: Pass (mail3-smtp-sop.national.inria.fr: domain of postmaster@moutng.kundenserver.de designates 212.227.17.10 as permitted sender) identity=helo; client-ip=212.227.17.10; receiver=mail3-smtp-sop.national.inria.fr; envelope-from="info@gerd-stolpmann.de"; x-sender="postmaster@moutng.kundenserver.de"; x-conformance=sidf_compatible; x-record-type="v=spf1" X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AugBAHOrilLU4xEKnGdsb2JhbABZgz+DSLxAgRwWDgEBAQEBBg0JCRQogiYBBSMyJBALQgICVwYTCQuHcQmvfZItF4k7hGGBJyYHgmuBRgOPBIo7hRCOdw X-IPAS-Result: AugBAHOrilLU4xEKnGdsb2JhbABZgz+DSLxAgRwWDgEBAQEBBg0JCRQogiYBBSMyJBALQgICVwYTCQuHcQmvfZItF4k7hGGBJyYHgmuBRgOPBIo7hRCOdw X-IronPort-AV: E=Sophos;i="4.93,727,1378850400"; d="asc'?scan'208";a="36305794" Received: from moutng.kundenserver.de ([212.227.17.10]) by mail3-smtp-sop.national.inria.fr with ESMTP/TLS/RC4-SHA; 19 Nov 2013 01:08:53 +0100 Received: from office1.lan.sumadev.de (dslb-088-069-150-223.pools.arcor-ip.net [88.69.150.223]) by mrelayeu.kundenserver.de (node=mreu3) with ESMTP (Nemesis) id 0Me10b-1W3oFY03YL-00Pe98; Tue, 19 Nov 2013 01:08:41 +0100 Received: from [192.168.0.110] (ip-109-90-191-98.unitymediagroup.de [109.90.191.98]) by office1.lan.sumadev.de (Postfix) with ESMTPSA id 92E7DC00D3; Tue, 19 Nov 2013 01:08:40 +0100 (CET) Message-ID: <1384819720.4083.57.camel@zotac> From: Gerd Stolpmann To: "Richard W.M. Jones" Cc: caml-list@inria.fr Date: Tue, 19 Nov 2013 01:08:40 +0100 In-Reply-To: <20131118204426.GA14731@annexia.org> References: <20131118204426.GA14731@annexia.org> Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="=-zQ7jGyeVNyrYKmSZ5Tni" X-Mailer: Evolution 3.2.3-0ubuntu6 Mime-Version: 1.0 X-Provags-ID: V02:K0:Vkq38K/d5Jta0gzyv5TcguAvNw8Nq8OAdbFVDBWQZoI A+lB2uS7PRA61lOrS4qRKJuOhpnY/9mgtQifmOqQQ64pEraiSh A3ioJ2ArrOzyo56tONFbru+EHsuCsfgjFgg4f1f9PhhtXHPpsO R8BJzLcjT2s52g0A/uSDcivnBavyiB/Qnkjm1q0oJHS4qqcC4R m406jWL27+ADRzzFkKVULxQ60LPCmzdg8if96BSaMLTRy+leQV R/Cj3ZfGJSIJeNyOCc6L3yq5vgGtSGyi/pAhKPWkmypB3cy30j rdyN+EVECFLdmjDJVc3NKLbYpa3oiusUZ/UFRKxCwhBm1skTWf n3w+SdmeaSI4WfRmolBq4brFe2O+/UjWsKl3rnlqP Subject: Re: [Caml-list] Hardening [Perl's] hash function further --=-zQ7jGyeVNyrYKmSZ5Tni Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Am Montag, den 18.11.2013, 20:44 +0000 schrieb Richard W.M. Jones: > The Perl community have found further attacks against their > (already considered hardened) hash function. This article > explains the problems quite well: >=20 > http://blog.booking.com/hardening-perls-hash-function.html Interesting read. I'm wondering which conclusions one should draw from it. This article is more or less discussing cryptoattacks on an insecure hash function, and the new versions of the functions are only "better" but in no way safe (which you only get with crypto hashes or dictionaries that don't allow collisions). This sounds for me like a race between attackers and hash implementors. Gerd --=20 ------------------------------------------------------------ Gerd Stolpmann, Darmstadt, Germany gerd@gerd-stolpmann.de My OCaml site: http://www.camlcity.org Contact details: http://www.camlcity.org/contact.html Company homepage: http://www.gerd-stolpmann.de ------------------------------------------------------------ --=-zQ7jGyeVNyrYKmSZ5Tni Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEcBAABAgAGBQJSiqwIAAoJEAaM4b9ZLB5TVJsH/RnE6fZX5zotRekJuo3wop8g b1mvZe9MdotSA11CPpg7PlNas3Su7BVCSPpwtGqKH3dzRkRCeooD++8ow1Lbl7El //fNmCj1yV0HAjAovcTYw8n2Mr4EmKaog542AknXAtKYZItxKf6/ijKc0Cr4LvkG W4SlkthzUk7E/Lwct6/6+EWsjNNCqLlsl/XPStrhnxST2/BnU51Vb1vk9pBP6hkp vkvph3Bt/RfczU0Cum2Ysmyvk95xbfqGX/CmNqLb2UQ8NDeGaafXSz3YzcGldRDf zBVgBX1ZFmD/p/5W751VdRaemvuXYf+QTyCyFqXenDQv1G9GduoegEpWjX+xelw= =Gr7u -----END PGP SIGNATURE----- --=-zQ7jGyeVNyrYKmSZ5Tni--