On 05/05/2014 02:31 PM, Xuelei Fan wrote:
Comparing with the call: MessageDigest md = MessageDigest.getInstance("SHA-1");What's the benefit of the following call? MessageDigest md = StandardMessageDigests.newSHA1(); What's the context that this new class is supposed to use?
It's 10% faster, even including the digest overhead for a single-block message. I forgot to mention that the benchmark numbers I posted include that, to make them more realistic. If I only measure the cost of instantiation and a single-byte update, the numbers are as follows:
Benchmark Mode Samples Mean Mean error Units o.o.j.b.StandardMessageDigestsBenchmark.get thrpt 200 6292.827 178.149 ops/ms o.o.j.b.StandardMessageDigestsBenchmark.smd thrpt 200 10018.883 294.193 ops/ms
I think the single-block hashing case is important because it is not always possible to reuse an existing digest object after calling reset(). The difference will be more visible once we have message digests with hardware support (which is apparently around the corner for SHA-1 and SHA-256).
We could also revisit the decision about NoSuchAlgorithmException:
I deliberately did not include support for MD5. It would be nice if we could drop the NoSuchAlgorithmException, but this would be problematic once there are providers that do not support SHA-1.
If we guarantee that the algorithms are always supported, we could drop the checked exception, making it easier to initialize objects. This would be an added benefit, then.
-- Florian Weimer / Red Hat Product Security Team
