From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham
	autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 103376,ac39a12d5faf5b14
X-Google-Attributes: gid103376,public
X-Google-ArrivalTime: 2002-04-24 08:40:14 PST
Path: 
 archiver1.google.com!news1.google.com!newsfeed.stanford.edu!news-spur1.maxwell.syr.edu!news.maxwell.syr.edu!newsfeed1.cidera.com!Cidera!cyclone.socal.rr.com!cyclone3.kc.rr.com!news3.kc.rr.com!twister.socal.rr.com.POSTED!not-for-mail
Message-ID: <3CC6D1EC.FF2B4D1D@san.rr.com>
From: Darren New <dnew@san.rr.com>
X-Mailer: Mozilla 4.77 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
Newsgroups: comp.lang.ada
Subject: Re: Grace and Maps (was Re: Development process in the Ada community)
References: <3CB46975.90408@snafu.de> <3CBAFFEE.2080708@snafu.de>
 <4519e058.0204171036.6f0a7394@posting.google.com> <3CBDD795.4060706@snafu.de>
 <4519e058.0204180800.44fac012@posting.google.com> <3CBF0341.8020406@mail.com>
 <a9n0tk$6fs$1@nh.pace.co.uk>
 <4519e058.0204190529.559a47ae@posting.google.com>
 <a9p98h$8hn$1@nh.pace.co.uk> <3CC1C6B3.6060306@telepath.com>
 <3CC21747.5000501@telepath.com> <V+UgdHreGTJg@eisner.encompasserve.org>
 <x7vr8l871it.fsf@smaug.pushface.org> <4519e058.0204220534.2eb33730@posting.go
 <3CC48F34.5A474E0F@boeing.com> <3CC49C50.485AE213@san.rr.com>
 <3CC4B5C0.4D16077C@acm.org> <3CC4E9DA.E02BE0DA@san.rr.com>
 <7vznzukhzf.fsf@vlinux.voxelvision.no> <3CC5B161.C719C5D8@san.rr.com>
 <7vg01lwaku.fsf@vlinux.voxelvision.no> <3CC6B932.75C468E1@san.rr.com>
 <7vbsc9w367.fsf@vlinux.voxelvision.no> <3CC6CED0.C5E203F9@san.rr.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Date: Wed, 24 Apr 2002 15:39:11 GMT
NNTP-Posting-Host: 66.75.151.160
X-Complaints-To: abuse@rr.com
X-Trace: twister.socal.rr.com 1019662751 66.75.151.160 (Wed,
 24 Apr 2002 08:39:11 PDT)
NNTP-Posting-Date: Wed, 24 Apr 2002 08:39:11 PDT
Organization: RoadRunner - West
Xref: archiver1.google.com comp.lang.ada:23061
Date: 2002-04-24T15:39:11+00:00
List-Id: <comp.lang.ada>

Darren New wrote:
> /* Crappy pseudo-C... This should find about 2**16 collisions. */
> for (i = 0; i < 2**32; i++) {
>   if (burtle(i, ...) == 27) {
>     printf("Found one that hashes to 27: %ul\n", i);
>   }
> }

Actually, I take that back. That was dumb. It won't find nearly that
many collisions, if "burtle" is returning a 32-bit integer.

But the point is severalfold:

1) I *can* find collisions, regardless of the code that implements the
hash,

2) Using a cryptographically secure hash with a large range is probably
overkill for a basic hash library, so at least the vulnerability should
be thought about,

3) if you can insert multiple records with the same key, you can wind up
with a system that hashes lots of different stuff to the same value.

4) Hashes are nevertheless an extremely useful library component.

-- 
Darren New 
San Diego, CA, USA (PST). Cryptokeys on demand.
   The 90/10 rule of toothpaste: the last 10% of 
         the tube lasts as long as the first 90%.