lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Florian Weimer wrote:
I went ahead and replaced the hash function with Jenkins' lookup3.c.
The impact on microbenchmarks was rather mixed.  For reading text
files line by line, with somewhat regular content, there was a small
speed-up (despite line lengths generally above 32 bytes).  Fasta was
slower, k-nucleotide was faster.  Reading large, mostly random strings
will be significantly slower, but for quite regular strings,
lookup3.c's better mixing seems to pay off.

A nice surprise that you noticed speed up. I have to ask though, from a security point of view - is there any point in replacing one non-cryptographic hash with another? Note Jenkins' stern warning that the algorithm should not be used for cryptographic purposes, and indeed his hash is almost as vulnerable as the Lua one - a quick google search for "jenkins lookup3.c attack" gives this:, among other things. The author writes that you should randomize a, b and c, preventing his attack (although likely still leaving it open to others - again, it's not a cryptographic hash), which sounds sensible.

- Alex