hash-salt Takashi Kato 04 Feb 2016 08:21 UTC
Re: hash-salt taylanbayirli@xxxxxx 04 Feb 2016 09:21 UTC

Re: hash-salt taylanbayirli@xxxxxx 04 Feb 2016 09:21 UTC

Takashi Kato <ktakashi19@gmail.com> writes:

> Hi,
>
> I'm currently implementing SRFI-126 on Sagittarius and have got a question
> about hash-salt. The description says it needs to be expanded to exact
> non-negative integer but it would be the same value for each time if
> implementations cache the result of compiled code. I think I know the
> answer but is this expected behaviour?

Ugh, that was a mistake.  I did not mean to specify such behavior.  An
implementation is free (and I think encouraged) to expand (hash-salt) to
an expression that will yield the salt value at run-time, so it could be
different for multiple runs of a compiled program.

On the other hand, randomizing the salt at compile-time might be good
enough, and provide a small performance improvement in hash functions.

On the third hand, a constant salt in a compiled program would mean, for
instance, that all systems installing a binary from a package manager
get the same salt value, so it would be deducible by an attacker.  So
yes, I would encourage run-time randomization by default.

> And just found out that on sample implementations hash-salt are implemented
> as a procedure. Should this be something like this (on R6RS)?
>
> (define-syntax hash-salt
>   (lambda (x)
>     (define *hash-salt*
>       (let ((seed (get-environment-variable "SRFI_126_HASH_SEED")))
>         (if (or (not seed) (string=? seed ""))
>             (random-integer (greatest-fixnum))
>             (modulo
>              (fold (lambda (char result)
>                      (+ (char->integer char) result))
>                    0
>                    (string->list seed))
>              (greatest-fixnum)))))
>     (syntax-case x ()
>       ((_) *hash-salt*))))

Indeed I also forgot to make hash-salt a macro in the implementation.

(Though one could hide behind the fact that a procedure call expression
is technically syntax, I suppose.  Providing a nullary function for what
should be a nullary macro is a backwards-compatible extension to the
semantics of the spec.)

As syntax, I would define hash-salt as follows:

(define-syntax hash-salt
  (syntax-rules ()
    ((hash-salt) *hash-salt*)))

Where the definition of *hash-salt* is the same as before.

Your implementation is valid for when one wants the salt to be constant
in a compiled program, but I would recommend against that variant as
explained above.

> Cheers,

Thanks for spotting this, and sorry about the mess!

Taylan