- From: Glenn Maynard <glenn@zewt.org>
- Date: Wed, 22 Dec 2010 17:04:45 -0500
- To: Charles Pritchard <chuck@visc.us>
- Cc: "Tab Atkins Jr." <jackalmage@gmail.com>, Boris Zbarsky <bzbarsky@mit.edu>, public-webapps@w3.org
On Wed, Dec 22, 2010 at 4:39 PM, Charles Pritchard <chuck@visc.us> wrote: > It'd be nice to see an SHA1 JS test case setup for performance testing using > recent APIs like ArrayBuffer. > > These kinds of self-contained functions are low hanging fruit for compiler > optimization. > "use strict", Typed Arrays and Object.seal give JS compilers a reasonable > chance > to hit the performance of C compilers. I'm skeptical, but that's from past history with high-level languages, and the JS optimizations lately have surprised everyone, so of course it'd be great if this was the case. > I've not been able to find a 'public domain' JS SHA1 implementation on the > web. > Current JS code, BSD licensed SHA1 and MD5 scripts have been through extensive open source review. Were you looking for public domain code rather than BSD-licensed code for some reason? > If you need a quick hash function, there are faster ones than SHA1. That's usually not a very appealing workaround. >> I still think it may be useful for the security use-case as well, >> where you explicitly want a slow hash to begin with. If JS imposes a >> slowdown on top of that, it could render a good hash too slow to >> actually use in practice. Plus, you have to depend on the hash >> implementation you pulled off the web or hacked together yourself, >> which you probably didn't manually verify before starting to use. > > I'd only expect vendors to implement sha1 and md5. I hope they'd implement the other SHA hashes with a little nudging. SHA-2 code is just as readily available, and I'd hate for Javascript to be one more excuse not to upgrade a hash. -- Glenn Maynard
Received on Wednesday, 22 December 2010 22:05:18 UTC