Boost logo

Boost :

From: Vinnie Falco (vinnie.falco_at_[hidden])
Date: 2024-12-09 17:41:24


On Mon, Dec 9, 2024 at 9:28 AM Peter Dimov <pdimov_at_[hidden]> wrote:

> "seed" "message" and "seedm" "essage" trivially collide,
> which may not be desirable.
>

Sorry, I don't follow. You are comparing the result of two different hash
functions:

    H1 h1( "seed", 4 );
    h1.update( "message", 7 );
    auto r1 = h1.result();

    H2 h2( "seedm", 5 );
    h2.update( "essage", 6 );
    auto r2 = h2.result();

    assert( r1 == r2 );

h1 and h2 are different hash functions from the same family [1] and you
have gone out of your way to form a preimage utilizing knowledge of the
seed. Hardly fair and also does not in any way reflect the security
concerns of real use-cases.

Your own implementation of the seeded FNV-1a constructor simply calls
update():

https://github.com/pdimov/hash2/blob/7a25f8518692b657e9272884519519fbaca2ec54/include/boost/hash2/fnv1a.hpp#L66

I think it would be preferable if Hash2 made this the default
implementation, and allowed more sophisticated algorithms (and authors) to
opt-in to a better implementation. Otherwise, we are forcing ordinary users
who just want to adapt an external library to meet the HashAlgorithm
requirements to become experts.

[1] https://en.wikipedia.org/wiki/Universal_hashing

[2]
https://en.wikipedia.org/wiki/Fowler%E2%80%93Noll%E2%80%93Vo_hash_function


Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk