On Tue, Nov 10, 2015 at 7:21 PM, John Cowan <xxxxxx@mercury.ccil.org> wrote:
This forbids a particularly paranoid implementation from using a
distinct salt for each hash table and storing it with the hash table.
I've made several tries at rewording to allow this use case, but I
can't think how to put it.

It isn't necessarily paranoid; suppose a long-running server that
detects some hashtables behaving poorly and wants to switch
hash strategy and rehash that particular table.  You don't want to stop
and switch global parameters and rehash everything, so there'll
inevitably be hashtables with different salts.

(Given that each process can have different salts, it's very unlikely
that an attacker can prepare a particular key set that certainly causes
poor hash distribution, so the above case can still be regarded
as an extra protection.  But I've experienced long-running servers hit
unlikely scenarios, so I don't think the above strategy is too
paranoid.)
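
The per-table salt and single-table rehash discussed in this message, as an added Python example that is not part of the original thread or of any implementation it refers to. The class name, the chain-length threshold and the use of keyed BLAKE2b as the salted hash are assumptions made for illustration.

```python
import hashlib
import os


class SaltedTable:
    """Chained hash table that stores its own salt (hypothetical example class)."""

    def __init__(self, nbuckets=64, max_chain=8):
        self.nbuckets = nbuckets
        self.max_chain = max_chain      # assumed threshold for "behaving poorly"
        self.rehashes = 0               # how often this table changed its salt
        self.salt = os.urandom(16)      # per-table salt, kept with the table
        self.buckets = [[] for _ in range(nbuckets)]

    def bucket_of(self, key):
        # Keyed hash: the bucket depends on this table's salt, so the same
        # key (bytes) lands in unrelated buckets in different tables.
        digest = hashlib.blake2b(key, key=self.salt, digest_size=8).digest()
        return int.from_bytes(digest, "big") % self.nbuckets

    def put(self, key, value):
        chain = self.buckets[self.bucket_of(key)]
        for i, (k, _) in enumerate(chain):
            if k == key:
                chain[i] = (key, value)
                return
        chain.append((key, value))
        if len(chain) > self.max_chain:
            self._resalt()              # poor distribution detected in this table

    def get(self, key, default=None):
        for k, v in self.buckets[self.bucket_of(key)]:
            if k == key:
                return v
        return default

    def _resalt(self):
        # Rehash only this table under a fresh salt; other tables and any
        # process-wide parameters are left alone.
        items = [kv for chain in self.buckets for kv in chain]
        self.salt = os.urandom(16)
        self.rehashes += 1
        self.buckets = [[] for _ in range(self.nbuckets)]
        for k, v in items:
            self.buckets[self.bucket_of(k)].append((k, v))
```

A production table would also grow its bucket array, since a long chain caused by a high load factor is not fixed by a new salt.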