I've long warned against the Rust "ahash" construction, which is the default in `hashbrown` (but fortunately not `std`), due to what I thought was a poor cryptographic design which misuses cryptographic primitives, including using the AES round function with insufficient rounds (i.e. 1 round!) to achieve required diffusion.

Turns out someone found a full key recovery attack against it:

https://github.com/tkaitchuck/aHash/issues/163

Critical vulnerability: complete key recovery of AES-based hash through side-channels · Issue #163 · tkaitchuck/aHash

The AES version of aHash only performs a single round of AES between inputs. This is not sufficient, a single-bit difference only gets amplified once in the SubBytes step, leading to one of 256 pos...

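The issue's point about a single round, illustrated with an added example that is not code from aHash or from the issue: one textbook AES round (SubBytes, ShiftRows, MixColumns, AddRoundKey) applied to two blocks differing in one bit. The round key and input block are constructed constants; the count of changed output bytes shows how little one round diffuses and how much a second round adds.

```python
# Added example: one AES round and a diffusion measurement.
# KEY and BLOCK are constructed values, not taken from aHash or the issue.

def _xtime(a):
    a <<= 1
    return (a ^ 0x1B) & 0xFF if a & 0x100 else a

def _gf_mul(a, b):
    r = 0
    while b:
        r ^= a if b & 1 else 0
        a, b = _xtime(a), b >> 1
    return r

def _sbox(x):
    # Inverse in GF(2^8), then the AES affine map: v ^ rot1 ^ rot2 ^ rot3 ^ rot4 ^ 0x63
    v = 0 if x == 0 else next(y for y in range(1, 256) if _gf_mul(x, y) == 1)
    s = v
    for _ in range(4):
        v = ((v << 1) | (v >> 7)) & 0xFF
        s ^= v
    return s ^ 0x63

SBOX = [_sbox(i) for i in range(256)]

def aes_round(state, round_key):
    """One full AES round; state and round_key are 16 bytes, column-major."""
    s = [SBOX[b] for b in state]                                    # SubBytes
    s = [s[i % 4 + 4 * ((i // 4 + i % 4) % 4)] for i in range(16)]  # ShiftRows
    out = []
    for c in range(4):                                              # MixColumns
        a0, a1, a2, a3 = s[4 * c:4 * c + 4]
        out += [_gf_mul(2, a0) ^ _gf_mul(3, a1) ^ a2 ^ a3,
                a0 ^ _gf_mul(2, a1) ^ _gf_mul(3, a2) ^ a3,
                a0 ^ a1 ^ _gf_mul(2, a2) ^ _gf_mul(3, a3),
                _gf_mul(3, a0) ^ a1 ^ a2 ^ _gf_mul(2, a3)]
    return bytes(x ^ k for x, k in zip(out, round_key))             # AddRoundKey

def changed_bytes(block, bit, round_key, rounds):
    """Flip one input bit, apply `rounds` rounds, return how many of the 16 output bytes differ."""
    flipped = bytearray(block)
    flipped[bit // 8] ^= 1 << (bit % 8)
    a, b = bytes(block), bytes(flipped)
    for _ in range(rounds):
        a, b = aes_round(a, round_key), aes_round(b, round_key)
    return sum(x != y for x, y in zip(a, b))

KEY = bytes(range(16))                                       # constructed round key
BLOCK = bytes.fromhex("00112233445566778899aabbccddeeff")    # constructed input block
```

With one round, `changed_bytes(BLOCK, b, KEY, 1)` is 4 for every bit position b (the difference stays inside a single MixColumns column); with two rounds it is 16.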
@bascule why do so many projects not set up vulnerability reporting?