[question] What is the purpose of RandomXxHashBuilder64?
dsprenkels opened this issue ยท 2 comments
This crate supports initializing XxHash with a random seed. I was wondering when would this be used?
First, I imagined that a user could use the random seed for preventing denial-of-service attacks based on the hash-collisions in HashMap (i.e. why we use SipHash-1-3 for HashMap). However, that does not work, because XXHash does not prevent these attacks.
So I was wondering: what is the use case for RandomXxHashBuilder{32,64}? Why not just use XxHash{32,64}::with_seed with some unique constant?
Wow, I totally missed this question, sorry!
I don't know enough about hashes to be an authoritative source about them. Your best bet is to check with the actual hash authors. I just read code and make the test outputs line up :-).
The true answer is that I was following the pattern in the standard library (which, as you say, aims for HashDOS resistance). I never spent much time thinking about it. ๐
Thank you!
I already kind-of presumed that it was to mirror the stdlib. :)
However, I feel that this might be dangerous. In the stdlib, the randomized seeds are used for the purpose of preventing HashDoS attacks. Because the crate API mirrors the stdlib, it suggests that these functions could be used for the same purpose (i.e. to prevent HashDoS). But this will not work and might result in insecure usage of the API.
Might I suggest deprecating these functions? Or would you mind me adding a note in the docs urging the user that using random seeds doe not prevent HashDoS attacks?