> You mention that foldhash does not claim to provide HashDoS resistance against interactive attackers, so perhaps that disqualifies it.
The linked CVE is not an interactive attack either FYI, so foldhash would be sufficient to protect against that. When I say an "interactive attacker" I mean one that analyzes hash outcomes (either directly or indirectly through things like timing attacks and iteration order) to try and reverse engineer the hidden internal state.
> If anything, given this requirement, comparing with wyhash, as they do in the article, is misleading.
That is correct. There is no reason to believe wyhash is secure against interactive attackers.
The linked CVE is not an interactive attack either FYI, so foldhash would be sufficient to protect against that. When I say an "interactive attacker" I mean one that analyzes hash outcomes (either directly or indirectly through things like timing attacks and iteration order) to try and reverse engineer the hidden internal state.
> If anything, given this requirement, comparing with wyhash, as they do in the article, is misleading.
That is correct. There is no reason to believe wyhash is secure against interactive attackers.