RFR: 8221836: Avoid recalculating String.hash when zero
Peter Levart
peter.levart at gmail.com
Tue Apr 9 08:53:32 UTC 2019
Hi Aleksey,
On 4/9/19 10:11 AM, Aleksey Shipilev wrote:
>> 2. No risk of hashcode recomputation for the 2^-32 case.
>> This might seem laughable, until you remember that it's exactly
>> those cases that DOS attackers like to create.
> Alt-hashing covers this obscure case in the course of mitigating much easier and much broader attack
> on String hashcode. We don't get to wave in every single hack into class libraries under "security"
> justification, especially when the mitigation already exists.
>
> -Aleksey
>
Which alt-hashing are you talking about? The one which was removed from
Java code of String in transition from JDK 7 -> JDK 8 ?
AFAIK, there's no alt-caching for pure java code for Strings any more
(there's something for internal JVM use). It was dropped when
(Concurrent)HashMap got tree-ification.
Regards, Peter
More information about the core-libs-dev
mailing list