W3C home > Mailing lists > Public > public-webapps@w3.org > October to December 2010

Re: Hash functions

From: Glenn Maynard <glenn@zewt.org>
Date: Wed, 22 Dec 2010 17:04:45 -0500
Message-ID: <AANLkTi=oB8vYihFycTjKKpF-4p5L+vm3z6Tae__pHunh@mail.gmail.com>
To: Charles Pritchard <chuck@visc.us>
Cc: "Tab Atkins Jr." <jackalmage@gmail.com>, Boris Zbarsky <bzbarsky@mit.edu>, public-webapps@w3.org
On Wed, Dec 22, 2010 at 4:39 PM, Charles Pritchard <chuck@visc.us> wrote:
> It'd be nice to see an SHA1 JS test case setup for performance testing using
> recent APIs like ArrayBuffer.
>
> These kinds of self-contained functions are low hanging fruit for compiler
> optimization.
> "use strict", Typed Arrays and Object.seal give JS compilers a reasonable
> chance
> to hit the performance of C compilers.

I'm skeptical, but that's from past history with high-level languages,
and the JS optimizations lately have surprised everyone, so of course
it'd be great if this was the case.

> I've not been able to find a 'public domain' JS SHA1 implementation on the
> web.
> Current JS code, BSD licensed SHA1 and MD5 scripts have been through extensive open source review.

Were you looking for public domain code rather than BSD-licensed code
for some reason?

> If you need a quick hash function, there are faster ones than SHA1.

That's usually not a very appealing workaround.

>> I still think it may be useful for the security use-case as well,
>> where you explicitly want a slow hash to begin with.  If JS imposes a
>> slowdown on top of that, it could render a good hash too slow to
>> actually use in practice.  Plus, you have to depend on the hash
>> implementation you pulled off the web or hacked together yourself,
>> which you probably didn't manually verify before starting to use.
>
> I'd only expect vendors to implement sha1 and md5.

I hope they'd implement the other SHA hashes with a little nudging.
SHA-2 code is just as readily available, and I'd hate for Javascript
to be one more excuse not to upgrade a hash.

-- 
Glenn Maynard
Received on Wednesday, 22 December 2010 22:05:18 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:42 GMT