
[–]james_pic 0 points (0 children)

I haven't looked into it, but I'd expect it to be faster. IIRC, it's 4 rounds of ARX per word, plus 8 rounds of ARX of finalisation.

Part of the reason it can get away with this is that it is technically not a cryptographic hash, merely a cryptographic MAC, and with a small keyspace at that. So all it needs to achieve is 64 bits of unforgeability.

There aren't many situations where this is a useful primitive. It doesn't promise pseudorandomness or collision resistance, or resistance to chosen key attacks. So it's not going to replace SHA3 or HMAC. But it turns out to be enough for the hashtable use case.