Talk:SipHash

Urban's criticism
It does not seem Wikipedian to give two paragraphs to one person's criticism of a hash.

What Urban's saying also misunderstands the attack SipHash is protecting against. The threat is the attacker figures out an efficient, non-brute-force way to generate a lot of values that will all fall into the same hash bucket, so that each lookup has to traverse a lot of data (in linked lists or by whatever manner). SipHash helps not because it prevents a random collision from being found, but because the secret key keeps the attacker from achieving a better-than-random chance of collision for the next value to add to the hashtable, even if they can directly observe hash values (or indirectly observe them through timing). Obviously WP can't just take my word; it'd take a good source saying this to include it.

The claim on the source page that SHA-1 with output truncated is solvable with "Z3" also does not make sense. Truncating SHA1's output doesn't reduce the internal complexity of the function the solver has to deal with; he might be confused between truncated output and reduced rounds.

But all of that seems kind of to the side. If I fork and improve a hash benchmarking project and put some security stuff on a page, I'm still not a security expert, however strident I am about things. Again, not how WP works. — Preceding unsigned comment added by 76.103.246.130 (talk) 05:03, 10 January 2017 (UTC)


 * Indeed. I've deleted this section. Dchestnykh (talk) —Preceding undated comment added 10:06, 10 January 2017 (UTC)


 * I was about to restore that section but someone beat me to it. We can't censor criticism. It's not balanced. 24.45.100.60 (talk) 00:50, 17 January 2017 (UTC)


 * Wikipedia provides encyclopedic content, it's not a platform for raising criticism (WP:NOR), unless such criticism is published in reliable sources. Please see Criticism. As as side note, this particular opinion of Urban is unlikely to appear in any reliable source, because his claims are false, and no reliable source will ever publish them. Dchestnykh (talk) 01:22, 18 January 2017 (UTC)
 * No, original research is when you say Urban's wrong and remove his views from Wikipedia. I don't know that it's censorship, but it's not fair reporting. The source is GitHub, which is cited 8 times already, so it must be reliable. 72.21.196.66 (talk) 21:10, 2 February 2017 (UTC)


 * GitHub is not a source, please read WP:NOR and stop reverting my edits. Dchestnykh (talk) 22:41, 2 February 2017 (UTC)


 * I've removed this content again. As content on GitHub is user-generated, it's not an appropriate source except in limited circumstances (see WP:UGC and WP:SPS). For a claim like this, Urban would have to be widely considered an expert in this field before we could use his own writings as a source. clpo13(talk) 20:22, 3 February 2017 (UTC)