[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: Interning strings considered harmful (somewhat)
- From: "Alex Davies" <alex.mania@...>
- Date: Wed, 18 Nov 2009 10:28:26 +0800
Florian Weimer wrote:
I went ahead and replaced the hash function with Jenkins' lookup3.c.
The impact on microbenchmarks was rather mixed. For reading text
files line by line, with somewhat regular content, there was a small
speed-up (despite line lengths generally above 32 bytes). Fasta was
slower, k-nucleotide was faster. Reading large, mostly random strings
will be significantly slower, but for quite regular strings,
lookup3.c's better mixing seems to pay off.
A nice surprise that you noticed speed up. I have to ask though, from a
security point of view - is there any point in replacing one
non-cryptographic hash with another? Note Jenkins' stern warning that the
algorithm should not be used for cryptographic purposes, and indeed his hash
is almost as vulnerable as the Lua one - a quick google search for "jenkins
lookup3.c attack" gives this:
among other things. The author writes that you should randomize a, b and c,
preventing his attack (although likely still leaving it open to others -
again, it's not a cryptographic hash), which sounds sensible.