On Fri, Aug 19, 2011 at 1:43 AM, Sean Kelly <[email protected]> wrote: > This sounds like an application design issue rather than a language issue. Do > any languages use a pool of hash routines like this? > > Sent from my iPhone > > On Aug 17, 2011, at 5:06 PM, Josh Simmons <[email protected]> wrote: > >> On Thu, Aug 18, 2011 at 8:40 AM, Sean Kelly <[email protected]> wrote: >>> On Aug 17, 2011, at 2:36 PM, bearophile wrote: >>> >>>> Walter: >>>> >>>>> Bottom line, I don't think there's an actual problem here. >>>> >>>> Thank you for your answers. And I agree that the current situation is >>>> overall better than the precedent one. >>>> >>>> My original first post of this thread was about other problems, quite more >>>> practical ones, like receiving help from the compiler if I am using hash >>>> protocol badly, etc. :-) >>> >>> This would be a run-time issue, unless you're asking the compiler to verify >>> your hash algorithm at compile-time :-p I'd actually like to have some >>> introspection functionality so I could find out the average chain length, >>> max chain length, etc (basically what's provided by the unordered >>> containers from C++11), but the user would still have to query this stuff >>> to know that something was wrong. >> >> The security issue is basically a DoS one, for example if you know a >> web server is using a specific hash and collision resolution method to >> store message headers you can pass headers that all hash to buckets >> that provide worst-case behavior. In this instance universal hashing >> where a hash function is chosen randomly from a pool of hashes >> combined with good algorithmic complexity means the attacker is unable >> to do this reliably. >> >> Unrelated though, I'm quite a fan of hopscotch hashing at the moment, >> in theory at least. It'd be interesting to get a few different >> resolution schemes working and compare their performance on various >> workloads. >
I doubt it, I was just noting the issue not suggesting it should be fixed. Cheers, Josh.
