# Short-input hashing

## Example

```
#define SHORT_DATA ((const unsigned char *) "Sparkling water")
#define SHORT_DATA_LEN 15
unsigned char hash[crypto_shorthash_BYTES];
unsigned char key[crypto_shorthash_KEYBYTES];
crypto_shorthash_keygen(key);
crypto_shorthash(hash, SHORT_DATA, SHORT_DATA_LEN, key);
```

## Purpose

Many applications and programming language implementations were recently found to be vulnerable to denial-of-service attacks when a hash function with weak security guarantees, such as Murmurhash 3, was used to construct a hash table.

In order to address this, Sodium provides the `crypto_shorthash()`

function,
which outputs short but unpredictable (without knowing the secret key) values
suitable for picking a list in a hash table for a given key.

This function is optimized for short inputs.

The output of this function is only 64 bits. Therefore, it should *not* be
considered collision-resistant.

Use cases:

- Hash tables
- Probabilistic data structures such as Bloom filters
- Integrity checking in interactive protocols

## Usage

```
int crypto_shorthash(unsigned char *out, const unsigned char *in,
unsigned long long inlen, const unsigned char *k);
```

Compute a fixed-size (`crypto_shorthash_BYTES`

bytes) fingerprint for the
message `in`

whose length is `inlen`

bytes, using the key `k`

.

The `k`

is `crypto_shorthash_KEYBYTES`

bytes and can be created using
`crypto_shorthash_keygen()`

.

The same message hashed with the same key will always produce the same output.

## Constants

`crypto_shorthash_BYTES`

`crypto_shorthash_KEYBYTES`

## Algorithm details

SipHash-2-4

## Notes

- The key has to remain secret. This function will not provide any mitigations against DoS attacks if the key is known from attackers.
- When building hash tables, it is recommended to use a prime number for the
table size. This ensures that all bits from the output of the hash function
are being used. Mapping the range of the hash function to
`[0..N)`

can be done efficiently without modulo reduction. - libsodium >= 1.0.12 also implements a variant of SipHash with the same key
size but a 128-bit output, accessible as
`crypto_shorthash_siphashx24()`

.