[ccache] Questions about two hot functions in ccache
justin.lebar at gmail.com
Wed Oct 20 01:45:08 MDT 2010
Skimming the VHASH paper, it looks like it runs at about 1 cycle per
byte on a 64-bit Core 2 Merom machine when generating a 128-bit
digest. (They don't have timings for 32-bit x86.) It looks like they
just run the hash algorithm twice (with different keys) to generate a
I couldn't find great numbers on MD4, but  says 3.8cpb on really
old hardware. Who knows what that would be today.
On Wed, Oct 20, 2010 at 12:34 AM, Martin Pool <mbp at canonical.com> wrote:
> On 20 October 2010 17:44, Justin Lebar <justin.lebar at gmail.com> wrote:
>> My cryptographically-inclined friend suggested we use a universal hash
>> function or something a bit stronger, such as VHASH.
>> These functions take a "key", which we could choose at random and fix
>> in the code.
>> VHASH outputs 64-bit digests with collision probability 2^61, so in
>> expectation you'd need to hash 2^30 files before you saw a collision.
>> If that wasn't good enough, we could compute two VHASH digests with
>> different keys and concatenate them.
> Is VHASH expected to be faster than MD4? I don't think adding more
> strength will help with anything. The odds of an accidental MD4
> collision are low, and I don't know of any attack by which being able
> to predict or produce ccache collisions accomplishes anything for the
> attacker. (If they can write to the cache you have bigger problems.)
More information about the ccache