Hi Aleksey,
On 4/9/19 10:11 AM, Aleksey Shipilev wrote:
2. No risk of hashcode recomputation for the 2^-32 case.
This might seem laughable, until you remember that it's exactly
those cases that DOS attackers like to create.
Alt-hashing covers this obscure case in the course of mitigating much easier
and much broader attack
on String hashcode. We don't get to wave in every single hack into class libraries under
"security"
justification, especially when the mitigation already exists.
-Aleksey
Which alt-hashing are you talking about? The one which was removed from
Java code of String in transition from JDK 7 -> JDK 8 ?
AFAIK, there's no alt-caching for pure java code for Strings any more
(there's something for internal JVM use). It was dropped when
(Concurrent)HashMap got tree-ification.
Regards, Peter
