Critique of Rust's collection types

cym13 via Digitalmars-d digitalmars-d at puremagic.com
Wed Sep 14 09:53:03 PDT 2016


On Wednesday, 14 September 2016 at 11:59:13 UTC, Kagamin wrote:
> On Wednesday, 14 September 2016 at 00:36:39 UTC, Walter Bright 
> wrote:
>> Of particular interest is the advocacy of collision attack 
>> resistance. Is anyone interested in exploring this w.r.t. D's 
>> builtin hashes?
>
> Perl's approach is probably good enough 
> https://issues.dlang.org/show_bug.cgi?id=14414
> Reversibility of the hash looks irrelevant for a DoS attack.

What do you mean by that? It's the basis of a DoS attack against 
hashtables: being able to find many inputs with the same hash. 
What Perl does isn't good IMHO because their solution is not the 
default behaviour and the security effect of changing the seed 
isn't made obvious to the programmer.

While I can understand preferring speed over security as default 
(although history shows that if it's not the default it's not 
used) I would rather have a security flag to change the algorithm 
at compile-time for a more secure one. Most programmers won't see 
the point of changing seed and we can definitely take advantage 
of templates here.

Also I'm not sure in our use-case fastest necessarily means less 
secure, there should be some benchmarking at work.
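
An added illustration, not part of the original post and not D's or Perl's actual hash code: it measures the longest bucket chain for a set of constructed keys under an unseeded hash and under a hash keyed with a per-process random seed. The toy multiplicative hash, the 1024-bucket table and the use of keyed BLAKE2b as a stand-in for a keyed PRF such as SipHash are all assumptions made for the example.

```python
import hashlib
import itertools
import os
from collections import Counter

BUCKETS = 1024  # constructed table size for the demonstration


def unseeded_hash(key):
    """Toy multiplicative hash (h = 31*h + byte); no seed, so identical in every process."""
    h = 0
    for b in key:
        h = (h * 31 + b) & 0xFFFFFFFF
    return h


def seeded_hash(key, seed):
    """Keyed hash: BLAKE2b with a secret key, standing in for a keyed PRF like SipHash."""
    digest = hashlib.blake2b(key, key=seed, digest_size=8).digest()
    return int.from_bytes(digest, "little")


def colliding_keys(blocks):
    """Constructed sample input: b"Aa" and b"BB" hash equally under unseeded_hash,
    so every concatenation of `blocks` such pairs shares one hash value."""
    return [b"".join(p) for p in itertools.product((b"Aa", b"BB"), repeat=blocks)]


def longest_chain(keys, hash_fn):
    """Size of the fullest bucket, i.e. the worst-case lookup cost for these keys."""
    counts = Counter(hash_fn(k) % BUCKETS for k in keys)
    return max(counts.values())


def compare(blocks=10, seed=None):
    """Return (longest chain unseeded, longest chain with a per-process seed)."""
    if seed is None:
        seed = os.urandom(16)  # fresh secret per process, unknown to whoever supplies keys
    keys = colliding_keys(blocks)
    return (longest_chain(keys, unseeded_hash),
            longest_chain(keys, lambda k: seeded_hash(k, seed)))


if __name__ == "__main__":
    plain, keyed = compare()
    print(f"{2 ** 10} keys: longest chain unseeded={plain}, seeded={keyed}")
```

With the unseeded hash all 1024 keys share one bucket, so each lookup degrades to a linear scan; with the secret seed the same keys spread out like random input.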

