lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Lua tables are using a hashing function. That hashing function is fast, but not intended to be secure (and it has been shown that it is not immune to collisions, that occur easily in easily reproducible cases, causing severe degradation of performances, and possibly can be targetted by DOS attacks (denial of services).

I do think that the default hashing function used by tables should be overridable (notably for tables indexing sensitive data, such as user accounts, or certificates if they are indexed by domain names instead of their own secure hashes which should be already SHA1 at least, or SHA256 now for most PKI providers). And there should be a standard API for security algorithm providers, like in Java or .Net or other languages, and a default security provider implemented in the core, implementing some core algorithms (see those enabled by default in Linux kernels for example; some may of these algorithms, be optional but would be required in Russia and China, they are present in Linux Kernel config, some are required in various web standards or common filesystems).

Le mar. 27 avr. 2021 à 13:59, Marcus Mason <> a écrit :
Hello list, I need a way to compute a hash code of a lua object. Other languages like java / c# provide a method like GetHashCode() to do this, and I was wondering if it would be possible to write a function like this for lua using the internal hashing mechanism (as a C library I can require). If not is there a way to implement something that provides similar semantics in pure lua?