On Tue, Mar 19, 2013 at 9:19 AM, Thomas Schilling <span dir="ltr">&lt;<a href="mailto:nominolo@googlemail.com" target="_blank">nominolo@googlemail.com</a>&gt;</span> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

Oh, I just realised that this proposal is to include the older version<br>
of hashable.  In principle, I&#39;m not against that, but I do wonder what<br>
the upgrade path is.  I don&#39;t think the performance problems can be<br>
fixed in general -- that&#39;s just the price of security.  So it becomes<br>
critical what the upgrade path looks like.  Do users get a slowdown of<br>
2x by default and then have to manually make it faster again if<br>
something is not security sensitive?  Do users have to explicitly opt<br>
in for security (a bad default, IMO)?  Do we have any idea how that<br>
switch may affect the API?</blockquote><div><br></div><div>From an API standpoints, users of unordered-containers will be unaffected by any changes to hashable and people who write Hashable instances are unlikely to be affected either, as long as they write their instances in terms of hashWithSalt.</div>

<div><br></div><div>From a performance standpoint, it depends on what we decide to make the default behavior of hashable be and for what types (e.g. we could use SIpHash for string types but a simple hash for Int-like types). This is the issue that&#39;s not already settled and the reason I&#39;m holding hashable back to 1.1 for the platform. I&#39;m leaning towards fast by-default as hashing is just one of many security issues web frameworks already consciously have to deal with. It&#39;s also an issue which have many alternative fixes, which don&#39;t require a stronger hash function.</div>

<div><br></div><div>-- Johan</div><div><br></div></div>