[PATCH] Add class java.security.StandardMessageDigests

Florian Weimer fweimer at redhat.com
Mon May 5 13:09:46 UTC 2014


On 05/05/2014 02:31 PM, Xuelei Fan wrote:
> Comparing with the call:
>     MessageDigest md = MessageDigest.getInstance("SHA-1");
>
> What's the benefit of the following call?
>
>     MessageDigest md = StandardMessageDigests.newSHA1();
>
> What's the context that this new class is supposed to use?

It's 10% faster, even including the digest overhead for a single-block 
message.  I forgot to mention that the benchmark numbers I posted 
include that, to make them more realistic.  If I only measure the cost 
of instantiation and a single-byte update, the numbers are as follows:

Benchmark                                       Mode   Samples 
Mean   Mean error    Units
o.o.j.b.StandardMessageDigestsBenchmark.get    thrpt       200 
6292.827      178.149   ops/ms
o.o.j.b.StandardMessageDigestsBenchmark.smd    thrpt       200 
10018.883      294.193   ops/ms

I think the single-block hashing case is important because it is not 
always possible to reuse an existing digest object after calling 
reset().  The difference will be more visible once we have message 
digests with hardware support (which is apparently around the corner for 
SHA-1 and SHA-256).

We could also revisit the decision about NoSuchAlgorithmException:

>>> I deliberately did not include support for MD5.  It would be nice if we
>>> could drop the NoSuchAlgorithmException, but this would be problematic
>>> once there are providers that do not support SHA-1.

If we guarantee that the algorithms are always supported, we could drop 
the checked exception, making it easier to initialize objects.  This 
would be an added benefit, then.

-- 
Florian Weimer / Red Hat Product Security Team



More information about the security-dev mailing list