Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 15 Nov 2006 12:54:10 +0100 (CET)
From:      Oliver Fromme <olli@lurza.secnetix.de>
To:        freebsd-net@FreeBSD.ORG
Subject:   Re: ipv6 connection hash function wanted ...
Message-ID:  <200611151154.kAFBsAXT091995@lurza.secnetix.de>
In-Reply-To: <200611142020.53178.max@love2party.net>

next in thread | previous in thread | raw e-mail | index | archive | help
Max Laier wrote:
 > David Malone wrote:
 > > Assuming you don't want to use one of the standard cryptographic
 > > ones (which I can imagine being a bit slow for something done
 > > per-packet), then one option might be to use a simpler hash that
 > > is keyed. Choose the key at boot/module load time and make it hard
 > > to produce collisions unless you know the key.
 > 
 > That's exactly what I am looking for ... now I need someone[tm] - with
 > better Math-Knowledge than mine - to write such a thing down in a simple
 > formula :-) i.e. take those bits from there and there and XOR them with
 > your canary yada-yada-yada ...

In that case, simply use crc32 (available from libkern.h)
and xor with a random key generated at boot time.  crc32
is fast to calculate and has the properties that you need.

Best regards
   Oliver

--
Oliver Fromme,  secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

"Perl will consistently give you what you want,
unless what you want is consistency."
        -- Larry Wall



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200611151154.kAFBsAXT091995>