On 12/21/2010 11:58 AM, Tab Atkins Jr. wrote:
On Mon, Dec 20, 2010 at 5:49 PM, Boris Zbarsky<bzbar...@mit.edu> wrote:
On 12/20/10 7:42 PM, Glenn Maynard wrote:
Has a hash functions API been considered, so browsers can expose, for
example, a native SHA-1 implementation? Doing this in JS is possible,
but painfully slow, even with current JS implementations.
Before we go further into this, can we quantify "painfully slow" so we have
some idea of the magnitude of the problem?
Using the testcase at https://bugzilla.mozilla.org/attachment.cgi?id=487844
but modifying the input string to be 768 chars, I see a current js
implementation on modern laptop hardware take around 7 seconds to hash it
50,000 times.
I get similar times for an MD5 implementation I found and chopped down.
It'd be nice to see an SHA1 JS test case setup for performance testing
using recent APIs like ArrayBuffer.
These kinds of self-contained functions are low hanging fruit for
compiler optimization.
"use strict", Typed Arrays and Object.seal give JS compilers a
reasonable chance
to hit the performance of C compilers.
I've not been able to find a 'public domain' JS SHA1 implementation on
the web.
If you need a quick hash function, there are faster ones than SHA1.
I still think it may be useful for the security use-case as well,
where you explicitly want a slow hash to begin with. If JS imposes a
slowdown on top of that, it could render a good hash too slow to
actually use in practice. Plus, you have to depend on the hash
implementation you pulled off the web or hacked together yourself,
which you probably didn't manually verify before starting to use.
I'd only expect vendors to implement sha1 and md5.
NaCl-LLVM makes sense if you're looking at just porting existing C over
to the web.
Or the Mozilla ChromeWorker proposal.
Current JS code, BSD licensed SHA1 and MD5 scripts have been through
extensive open source review.
Sure, a lot of open source code floats around without due review.
They're no different in credibility than BSD licensed code in C.
-Charles
