diff options
| author | Keith Randall <khr@golang.org> | 2015-08-31 16:26:12 -0700 |
|---|---|---|
| committer | Keith Randall <khr@golang.org> | 2015-10-08 16:43:03 +0000 |
| commit | 91059de095703ebc4ce6b8bad7a0a40dedeef7dc (patch) | |
| tree | 24e293a069d40104a827d85a2669e30308f8a7b0 /src/runtime/hash64.go | |
| parent | 168a51b3a14b4fd539d5815de5f0e3bd7137ea55 (diff) | |
| download | go-91059de095703ebc4ce6b8bad7a0a40dedeef7dc.tar.gz go-91059de095703ebc4ce6b8bad7a0a40dedeef7dc.zip | |
runtime: make aeshash more DOS-proof
Improve the aeshash implementation to make it harder to engineer collisions.
1) Scramble the seed before xoring with the input string. This
makes it harder to cancel known portions of the seed (like the size)
because it mixes the per-table seed into those other parts.
2) Use table-dependent seeds for all stripes when hashing >16 byte strings.
For small strings this change uses 4 aesenc ops instead of 3, so it
is somewhat slower. The first two can run in parallel, though, so
it isn't 33% slower.
benchmark old ns/op new ns/op delta
BenchmarkHash64-12 10.2 11.2 +9.80%
BenchmarkHash16-12 5.71 6.13 +7.36%
BenchmarkHash5-12 6.64 7.01 +5.57%
BenchmarkHashBytesSpeed-12 30.3 31.9 +5.28%
BenchmarkHash65536-12 2785 2882 +3.48%
BenchmarkHash1024-12 53.6 55.4 +3.36%
BenchmarkHashStringArraySpeed-12 54.9 56.5 +2.91%
BenchmarkHashStringSpeed-12 18.7 19.2 +2.67%
BenchmarkHashInt32Speed-12 14.8 15.1 +2.03%
BenchmarkHashInt64Speed-12 14.5 14.5 +0.00%
Change-Id: I59ea124b5cb92b1c7e8584008257347f9049996c
Reviewed-on: https://go-review.googlesource.com/14124
Reviewed-by: jcd . <jcd@golang.org>
Run-TryBot: Keith Randall <khr@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Diffstat (limited to 'src/runtime/hash64.go')
| -rw-r--r-- | src/runtime/hash64.go | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/runtime/hash64.go b/src/runtime/hash64.go index 716db61bee..f339a3020e 100644 --- a/src/runtime/hash64.go +++ b/src/runtime/hash64.go @@ -53,9 +53,9 @@ tail: h = rotl_31(h*m1) * m2 default: v1 := h - v2 := uint64(hashkey[1]) - v3 := uint64(hashkey[2]) - v4 := uint64(hashkey[3]) + v2 := uint64(seed * hashkey[1]) + v3 := uint64(seed * hashkey[2]) + v4 := uint64(seed * hashkey[3]) for s >= 32 { v1 ^= readUnaligned64(p) v1 = rotl_31(v1*m1) * m2 |