From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 637 invoked by alias); 23 Sep 2015 02:08:18 -0000 Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Archive: List-Post: List-Help: Sender: gcc-bugs-owner@gcc.gnu.org Received: (qmail 391 invoked by uid 55); 23 Sep 2015 02:08:13 -0000 From: "felix-glibc at fefe dot de" To: gcc-bugs@gcc.gnu.org Subject: [Bug libstdc++/55815] switch hash function of libstdc++ hash tables to siphash Date: Wed, 23 Sep 2015 02:08:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: libstdc++ X-Bugzilla-Version: unknown X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: felix-glibc at fefe dot de X-Bugzilla-Status: NEW X-Bugzilla-Resolution: X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2015-09/txt/msg01825.txt.bz2 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=55815 --- Comment #5 from felix-glibc at fefe dot de --- How about you add SipHash and make it selectable at runtime. Then I can file security bugs against all relevant programs not selecting it for being vulnerable and glibc has their ass covered regarding performance. I mean seriously, you argue performance for a security measure? Does Google turn off stack cookies in production? ACL checks? All this password checking is making our code slow? I sure hope not. Also: Do you have any actual benchmarks proving siphash would make a noticeable impact?