本文介绍了为什么Data.HashTable使用哈希值(来自Data.Hashable)?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我不明白为什么 p>

实际的Table实现似乎没有使用 code>(原来使用 Hashable )是为了让人们根据散列冲突缓解DOS攻击。一段时间内,每次运行都会生成一个不同的随机缺省salt,即使在后台使用 unsafePerformIO 。这种重现性的缺乏结果是一个巨大的问题,然而,对于对例如坚持数据结构跨越运行,获得可靠的基准数字等。

因此,目前的方法是提供该方法,但倾向于推迟到默认的salt ,然后在文档中添加一条警告,如果以面向公众的方式使用,它仍然可能受到各种潜在的DOS攻击媒介的影响。 (您可以在这里查看文档:)

由于 hash 是它自己的类方法,很容易实现一个带有无盐哈希的对象,并且可以使用它来记录,而且,您可以实现 hashWithSalt 就像 xor 如果你愿意的话。或者,作为注释,您可以通过 hash 您生成/记录的更合法的方法来实现 hashWithSalt code> hash 。


I do not understand why Data.HashTable is using Data.Hashable , which has hashWithSalt as the (only/basic) method.

This does not fit with the natural optimization of computing the hash value once, and storing it in the object (natural, because Haskell objects are immutable).

If I want to use HashTables with that, then I'm forced to implement hashWithSalt.(Going 1.2.0.* to 1.2.1.*, hashable re-introduced hash as a class method, but this does not help?)

The actual Table implementations don't seem to make use of hashWithSalt (HashTable.ST.Linear does not at all, HashTable.ST.Cuckoo uses two fixed salts only).

解决方案

As Carl notes in the comments, the move to the hashWithSalt method over just hash (as the original Hashable used) was to allow people to mitigate DOS attacks based on hash collisions. For a period, a different random default salt was generated on every run, even, using unsafePerformIO in the background. This lack of reproducibility turned out to be a huge problem, however, for people interested in e.g. persisting data structures across runs, getting reliable benchmarking numbers, etc.

So, the current approach is to provide the method, but tend to defer to a default salt that is fixed, and then add a warning to the documentation that this remains susceptible to various potential DOS attack vectors if used in a public-facing ways. (You can see for yourself in the documentation here: http://hackage.haskell.org/package/hashable-1.2.1.0/docs/Data-Hashable.html)

Because hash is its own class method, it is easy enough to implement an object with a "saltless" hash that is memoed with it, and furthermore, you can implement hashWithSalt as just xoring with the salt if you like. Or, as the comments note, you can implement hashWithSalt via a more legitimate method of hashing your generated/memoed hash.

这篇关于为什么Data.HashTable使用哈希值(来自Data.Hashable)?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-20 11:10
查看更多