|
Boost : |
From: Vinnie Falco (vinnie.falco_at_[hidden])
Date: 2024-12-09 17:41:24
On Mon, Dec 9, 2024 at 9:28 AM Peter Dimov <pdimov_at_[hidden]> wrote:
> "seed" "message" and "seedm" "essage" trivially collide,
> which may not be desirable.
>
Sorry, I don't follow. You are comparing the result of two different hash
functions:
H1 h1( "seed", 4 );
h1.update( "message", 7 );
auto r1 = h1.result();
H2 h2( "seedm", 5 );
h2.update( "essage", 6 );
auto r2 = h2.result();
assert( r1 == r2 );
h1 and h2 are different hash functions from the same family [1] and you
have gone out of your way to form a preimage utilizing knowledge of the
seed. Hardly fair and also does not in any way reflect the security
concerns of real use-cases.
Your own implementation of the seeded FNV-1a constructor simply calls
update():
I think it would be preferable if Hash2 made this the default
implementation, and allowed more sophisticated algorithms (and authors) to
opt-in to a better implementation. Otherwise, we are forcing ordinary users
who just want to adapt an external library to meet the HashAlgorithm
requirements to become experts.
[1] https://en.wikipedia.org/wiki/Universal_hashing
[2]
https://en.wikipedia.org/wiki/Fowler%E2%80%93Noll%E2%80%93Vo_hash_function
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk