diff options
| author | Frank Denis <github@pureftpd.org> | 2020-08-22 14:24:35 +0200 |
|---|---|---|
| committer | Andrew Kelley <andrew@ziglang.org> | 2020-08-22 15:12:54 -0400 |
| commit | 2d402157d9e6ea34499604455cf1270ef7eb5a1f (patch) | |
| tree | 5c301cc30417ba197029a572cdd706df32aff536 /lib/std | |
| parent | f540dc1b7ebc1663ef5d3823da4630ff51c697b6 (diff) | |
| download | zig-2d402157d9e6ea34499604455cf1270ef7eb5a1f.tar.gz zig-2d402157d9e6ea34499604455cf1270ef7eb5a1f.zip | |
Improve documentation on siphash recommended parameters
Diffstat (limited to 'lib/std')
| -rw-r--r-- | lib/std/crypto/siphash.zig | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/lib/std/crypto/siphash.zig b/lib/std/crypto/siphash.zig index c4d8735b1c..26c892fdd7 100644 --- a/lib/std/crypto/siphash.zig +++ b/lib/std/crypto/siphash.zig @@ -20,8 +20,10 @@ const mem = std.mem; /// SipHash function with 64-bit output. /// /// Recommended parameters are: +/// - (c_rounds=4, d_rounds=8) for conservative security; regular hash functions such as BLAKE2 or BLAKE3 are usually a better alternative. /// - (c_rounds=2, d_rounds=4) standard parameters. -/// - (c_rounds=1, d_rounds=2) reduced-round function. Faster, no known implications on its practical security level. +/// - (c_rounds=1, d_rounds=3) reduced-round function. Faster, no known implications on its practical security level. +/// - (c_rounds=1, d_rounds=2) fastest option, but the output may be distinguishable from random data with related keys or non-uniform input - not suitable as a PRF. /// /// SipHash is not a traditional hash function. If the input includes untrusted content, a secret key is absolutely necessary. /// And due to its small output size, collisions in SipHash64 can be found with an exhaustive search. @@ -32,8 +34,11 @@ pub fn SipHash64(comptime c_rounds: usize, comptime d_rounds: usize) type { /// SipHash function with 128-bit output. /// /// Recommended parameters are: +/// - (c_rounds=4, d_rounds=8) for conservative security; regular hash functions such as BLAKE2 or BLAKE3 are usually a better alternative. /// - (c_rounds=2, d_rounds=4) standard parameters. -/// - (c_rounds=1, d_rounds=2) reduced-round function. Faster, no known implications on its practical security level. +/// - (c_rounds=1, d_rounds=4) reduced-round function. Recommended to hash very short, similar strings, when a 128-bit PRF output is still required. +/// - (c_rounds=1, d_rounds=3) reduced-round function. Faster, no known implications on its practical security level. +/// - (c_rounds=1, d_rounds=2) fastest option, but the output may be distinguishable from random data with related keys or non-uniform input - not suitable as a PRF. /// /// SipHash is not a traditional hash function. If the input includes untrusted content, a secret key is absolutely necessary. pub fn SipHash128(comptime c_rounds: usize, comptime d_rounds: usize) type { |