[PATCH] Add class java.security.StandardMessageDigests
Florian Weimer
fweimer at redhat.com
Mon May 5 13:09:46 UTC 2014
On 05/05/2014 02:31 PM, Xuelei Fan wrote:
> Comparing with the call:
> MessageDigest md = MessageDigest.getInstance("SHA-1");
>
> What's the benefit of the following call?
>
> MessageDigest md = StandardMessageDigests.newSHA1();
>
> What's the context that this new class is supposed to use?
It's 10% faster, even including the digest overhead for a single-block
message. I forgot to mention that the benchmark numbers I posted
include that, to make them more realistic. If I only measure the cost
of instantiation and a single-byte update, the numbers are as follows:
Benchmark Mode Samples
Mean Mean error Units
o.o.j.b.StandardMessageDigestsBenchmark.get thrpt 200
6292.827 178.149 ops/ms
o.o.j.b.StandardMessageDigestsBenchmark.smd thrpt 200
10018.883 294.193 ops/ms
I think the single-block hashing case is important because it is not
always possible to reuse an existing digest object after calling
reset(). The difference will be more visible once we have message
digests with hardware support (which is apparently around the corner for
SHA-1 and SHA-256).
We could also revisit the decision about NoSuchAlgorithmException:
>>> I deliberately did not include support for MD5. It would be nice if we
>>> could drop the NoSuchAlgorithmException, but this would be problematic
>>> once there are providers that do not support SHA-1.
If we guarantee that the algorithms are always supported, we could drop
the checked exception, making it easier to initialize objects. This
would be an added benefit, then.
--
Florian Weimer / Red Hat Product Security Team
More information about the security-dev
mailing list