JP + djb = SipHash
Two of the best cybersecurity researchers around are: JP Aumasson [here]; and Daniel J Bernstein (djb) [here]. JP is famous for co-creating the fast hashing methods of BLAKE2 [here] and BLAKE3, and in the co-creation of the GPU-busting hashing method of Argon 2. With djb, we see a long line of innovation, including in creating ChaCha20, Salsa20 and Curve 25519.
Around 2011/2012, JP Aumasson and Daniel J Bernstein (djb) actually worked together to identify some major risks around existing hashing methods [here]:
For this, JP and djb outlined how a DoS (Denial of Service) could be created on a hashtable by sending the same hash (a multicollision) to a server. This results in a worst-case insert time and can result in a DoS against the hashing method. The example given is to send 2MB of POST data consisting of 200,000 of the same 10-byte string and which results in 40,000,000,000 string comparisons — having an impact of a computation time of around 10 seconds on a 2 GHz machine. They found MurmurHash2/3 and Google’s CityHash as being vulnerable to these attacks. Google has since released FarmHash in order to address the weakness.
