So I am curious about the security analysis of Marvin32, the randomized hash algorithm used in .NET (to prevent hash-table DoS). I found the source code here: marvin32.h, marvin32.c.
At first glance, the construction looks really similar to that of SipHash, but:
- Marvin32: 1 round per block and 2 finalization rounds
  SipHash: 2 rounds per block and 4 finalization rounds
- Marvin32: 64-bit key space (seed)
  SipHash: 128-bit key space
Nevertheless, the construction seems so similar that it looks like MS was trying to build something like a PRF. The 64-bit key space is certainly too small for a general-purpose PRF, but assuming that 64-bit is enough, is this a secure PRF? Do you see anything else wrong with the construction (key expansion, hash)?
To me it looks like the rounds are too short for this to be a crypto-grade PRF (again, ignoring the key-space for a moment), but maybe it's enough to thwart the hash-table DoS assuming the key is changed from time to time using a CSPRNG?