Comments (2)
tkaitchuck
commented on May 28, 2024
Yes. That would be desirable see discussion here:
rust-lang/hashbrown#207
Based on earlier discussion here:
#48
The question is how to do that "safely". Meaning that users don't make assumptions about DOS resistance that would not apply given the lack of both runtime and compile time randomization.
from ahash.
tkaitchuck
commented on May 28, 2024
getrandom works on many but not all targets. (And those unsupported targets are more likely if we're talking about no-std builds.)
Obviously re-using the generated random data is a useful property too. Currently this is done via Lazy static. Atomics + Box might be an alternative, as could thread-local. Both have issues similar in that they aren't supported universally. For reference the standard library calls sys::hashmap_random_keys() which obviously is not available without std.
Previously the code in this case was using the history / order of memory offsets where maps were constructed as a (poor) source of randomness. This is certainly better than using fixed keys, because even if it is predictable at least accidentally self-inflicted dos attacks don't happen. But it can't be labeled as secure, so it seems like maybe it should go via a different method so it's not confused.
from ahash.
Related Issues (20)
- Significant performance regression from 0.8.6 to 0.8.7 HOT 11
- compile error: use of unstable library feature 'stdsimd' HOT 20
- feature request: ahash without length prefixing HOT 3
- Deterministic hash value HOT 2
- error[E0635]: unknown feature `stdsimd` HOT 19
- Significant bump in MSRV from 0.8.7 to 0.8.8 HOT 9
- No link to crates.io HOT 1
- RandomState has too many collisions in low order bits when hashing a u64 HOT 29
- Hashing `&T` yields different results compared to `T`
- Fragile build script: crate automatically enables "specialize" feature HOT 14
- ahash 0.8.11 breaks hashbrown? HOT 6
- Work around `swap_bytes` on WebAssembly HOT 1
- git source unaligned with crates.io release HOT 5
- Linking Errors with Specific Optimization Levels When Running Test Cases HOT 1
- rust v1.78 std simd feature removed HOT 1
- `set_random_source` never returns `Err(false)`
- Replace atomic-polyfill with portable-atomic
- Mismatch between published version on crates.io and tagged version in git repo for v0.8.11 HOT 8
- Suggestion: Alternative wrapper HOT 1
- AES not enabled on AArch64
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ahash.