Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clean up hasher discussion on HashMap #36557

Merged
merged 2 commits into from
Sep 30, 2016
Merged

Clean up hasher discussion on HashMap #36557

merged 2 commits into from
Sep 30, 2016

Conversation

sfackler
Copy link
Member

  • We never want to make guarantees about protecting against attacks.
  • "True randomness" is not the right terminology to be using in this
    context.
  • There is significantly more nuance to the performance of SipHash than
    "somewhat slow".

r? @steveklabnik

Follow up to discussion on #35371

@sfackler
Clean up hasher discussion on HashMap
12960aa 
* We never want to make guarantees about protecting against attacks.
* "True randomness" is not the right terminology to be using in this
    context.
* There is significantly more nuance to the performance of SipHash than
    "somewhat slow".
@brson
Copy link
Contributor

brson commented Sep 19, 2016

I'm not sure about "We never want to make guarantees about protecting against attacks." This has been a stated goal since Rust has had hash maps. If we aren't guaranteeing that then why bother doing it?

@sfackler
Copy link
Member Author

Guarantees don't tend to exist in the security space IME. We believe SipHash 1-3 is resistant to discovery of its internal key. We believe it is hard to generate collisions without knowing that key. We believe the kernel is giving us high quality random data, etc.

@sfackler
Copy link
Member Author

Ping

alexcrichton
alexcrichton reviewed Sep 27, 2016
View reviewed changes
src/libstd/collections/hash/map.rs
/// require this behavior you can create your own hashing function using
/// [BuildHasherDefault](../hash/struct.BuildHasherDefault.html).
/// By default, `HashMap` uses a hashing algorithm selected to provide
/// resistance against HashDoS attacks. The algorithm is randomly seeded, and a
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there perhaps a wikipedia article or something we could link to here with "HashDoS attacks" ?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wasn't able to find anything that seems like a particularly good source to link to, unfortunately.

src/libstd/collections/hash/map.rs
/// The hashing algorithm can be replaced on a per-`HashMap` basis using the
/// `HashMap::default`, `HashMap::with_hasher`, and
/// `HashMap::with_capacity_and_hasher` methods. Many alternative algorithms
/// are available on crates.io.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Perhaps this could mention "such as fnv" which seems to be the most popular alternative?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated

@alexcrichton
Copy link
Member

@bors: r+

@bors
Copy link
Contributor

bors commented Sep 29, 2016

📌 Commit aaf32aa has been approved by alexcrichton

@bors
Copy link
Contributor

bors commented Sep 29, 2016

⌛ Testing commit aaf32aa with merge f390451...

@alexcrichton
Copy link
Member

@bors: retry force clean

  • restarted buildbot

@bors
Copy link
Contributor

bors commented Sep 30, 2016

⌛ Testing commit aaf32aa with merge 7660bdf...

bors added a commit that referenced this pull request Sep 30, 2016
@bors
Auto merge of #36557 - sfackler:fix-hashdos-docs, r=alexcrichton
7660bdf 
Clean up hasher discussion on HashMap

* We never want to make guarantees about protecting against attacks.
* "True randomness" is not the right terminology to be using in this
    context.
* There is significantly more nuance to the performance of SipHash than
    "somewhat slow".

r? @steveklabnik

Follow up to discussion on #35371
@bors
Copy link
Contributor

bors commented Sep 30, 2016

☀️ Test successful - auto-linux-32-nopt-t, auto-linux-32-opt, auto-linux-64-cargotest, auto-linux-64-cross-freebsd, auto-linux-64-debug-opt, auto-linux-64-nopt-t, auto-linux-64-opt, auto-linux-64-opt-rustbuild, auto-linux-64-x-android-t, auto-linux-cross-opt, auto-linux-musl-64-opt, auto-mac-32-opt, auto-mac-64-opt, auto-mac-64-opt-rustbuild, auto-mac-cross-ios-opt, auto-win-gnu-32-opt, auto-win-gnu-32-opt-rustbuild, auto-win-gnu-64-opt, auto-win-msvc-32-opt, auto-win-msvc-64-cargotest, auto-win-msvc-64-opt, auto-win-msvc-64-opt-rustbuild
Approved by: alexcrichton
Pushing 7660bdf to master...

@bors bors merged commit aaf32aa into rust-lang:master Sep 30, 2016
@sfackler sfackler deleted the fix-hashdos-docs branch November 26, 2016 05:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alexcrichton alexcrichton alexcrichton left review comments

Assignees

@steveklabnik steveklabnik

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@sfackler @brson @alexcrichton @bors @steveklabnik