On Jan 13, 2020, at 11:49 AM, Paul Sandoz <paul.san...@oracle.com> wrote: > > For information purposes: an alternative salt might be to use mix32 from > Splittable random: > > /** > * Returns the 32 high bits of Stafford variant 4 mix64 function as int. > */ > private static int mix32(long z) { > z = (z ^ (z >>> 33)) * 0x62a9d9ed799705f5L; > return (int)(((z ^ (z >>> 28)) * 0xcb24d0a5c88c35b3L) >>> 32); > } > > as in: > > SALT = mix32(System.nanoTime());
Thank you for mentioning that! I get this google hit on it: https://blogs.oracle.com/dave/a-simple-prng-construction-idiom There are also similar functions in xxHash. https://github.com/easyaspi314/xxhash-clean/blob/master/xxhash64-ref.c#L104 Here’s a scary list: https://en.wikipedia.org/wiki/List_of_hash_functions I think “doing it right” is overkill for this one place, but I hope we can put something like that into the JVM or some other low-level place for use whenever we need a cheap pseudo-random nonce of some sort. Once there’s an API for it I think we will reach for it a little more often. Having a common engine means we can afford to tune its predictability qualities. In both directions: resistance to attack, and reproducibility for debugging. In the case of Set.of, the former concern doesn’t apply much, but the latter might. — John