Today I am releasing the groundbreaking release of Deadwood-2. Deadwood-2 will be a simple DNS cache that caches requests made to a fully recursive DNS server. Last night, I wrote the code to implement the hash compression algorithm, making what I feel to be a reasonable balance between security and speed.
The has compression algorithm is a simple XOR with the data to hash, followed by a 32-bit multiply and a circular rotate (since mod 2^32 multiplies have problems with repeating patterns in the lower bits); the last data we XOR against is the length of the message. To make things reasonably secure, I am making the 32-bit number one multiplies by be a relatively secret 31-bit prime number; I have written a small program that finds a random 31-bit prime number, and makes a header file that determines Deadwood's default multiplication constant for making a hash out of a string. The script that creates the MaraDNS tarball automatically runs this program to change the random number.
In addition, the code will allow the user to reset this number to some other number, and the documentation will encourage the user to do so (telling them how to use RandomPrime to see a random 31-bit prime number).
The file can be downloaded here
I have some very good news: It looks like DJB is going to make Qmail public domain. I hope DJB soon does the same thing for DjbDNS; my main issue with DjbDNS, besides the hyperbolic claims like "DjbDNS has no security holes" (it does), is its license. I will retract my rant against DjbDNS when and if the DjbDNS code becomes public domain.
Thanks a lot for the birthday present, DJB! :)