From: Ondřej Surý <ondrej@isc.org>
Date: Fri, 15 May 2026 07:33:09 +0000 (+0200)
Subject: chg: dev: Use SipHash-1-3 for hash tables, keep SipHash-2-4 for cookies
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c708d694feba58e6a14e31c449e4f112fa632419;p=thirdparty%2Fbind9.git

chg: dev: Use SipHash-1-3 for hash tables, keep SipHash-2-4 for cookies

SipHash-2-4 was designed as a conservative PRF/MAC with extra rounds
against future attacks.  For hash tables, where outputs are never
exposed, SipHash-1-3 provides sufficient collision resistance with
fewer rounds.  As the SipHash author noted: "I would be very surprised
if SipHash-1-3 introduced weaknesses for hash tables."

DNS cookies continue to use SipHash-2-4 since cookie values are sent
on the wire and must resist online attacks.

Merge branch 'ondrej/siphash-1-3' into 'main'

See merge request isc-projects/bind9!11787
---

c708d694feba58e6a14e31c449e4f112fa632419