On Friday, 3 April 2015 at 20:41:26 UTC, Martin Nowak wrote:
On 04/02/2015 02:10 PM, Kagamin wrote:
The vulnerability presentation suggests perl solution (random
hash seed)
is good enough, it doesn't slow down anything. The seed can be
left zero
and initialized by an application as needed. One can also use
a longer
key and add more its bits every, say, 10 bytes of hashed data,
not sure
if it will make any difference.
A global random hash seed would work, but it needs to be
accessible for
reproducing test cases (druntime DRT option or in core.runtime).
At least for a library hashmap, you could provide a hash seed at
compile time, or as some static value and maybe lie about purity.
