From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail4-relais-sop.national.inria.fr (mail4-relais-sop.national.inria.fr [192.134.164.105]) by walapai.inria.fr (8.13.6/8.13.6) with ESMTP id q0UAsrlH020015 for ; Mon, 30 Jan 2012 11:54:54 +0100 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AgcDAM91Jk/ZSMDzlGdsb2JhbABDrlgiAQEBAQkLCQkUAyKBcgEBBAE6PwULCxgJJQ8BBCghE4d8A7hDiEIDCwQLBwMEOAYMgnIdAgxvBYNnBJpdjQ8 X-IronPort-AV: E=Sophos;i="4.71,591,1320620400"; d="scan'208";a="129375560" Received: from fmmailgate05.web.de ([217.72.192.243]) by mail4-smtp-sop.national.inria.fr with ESMTP; 30 Jan 2012 11:54:48 +0100 Received: from moweb002.kundenserver.de (moweb002.kundenserver.de [172.19.20.108]) by fmmailgate05.web.de (Postfix) with ESMTP id 8F625694F6AB; Mon, 30 Jan 2012 11:54:48 +0100 (CET) Received: from frosties.localnet ([95.208.118.96]) by smtp.web.de (mrweb001) with ESMTPA (Nemesis) id 0LxNyU-1SftBa1nLe-017GN0; Mon, 30 Jan 2012 11:54:48 +0100 Received: from mrvn by frosties.localnet with local (Exim 4.77) (envelope-from ) id 1Rrosp-0004Ij-Oz; Mon, 30 Jan 2012 11:54:47 +0100 From: Goswin von Brederlow To: Xavier Leroy Cc: caml-list@inria.fr References: <1325263446.5036.104.camel@samsung> <4EFDEF92.3010204@inria.fr> <20120101125212.GB12851@annexia.org> <4F0097E6.2090701@inria.fr> Date: Mon, 30 Jan 2012 11:54:47 +0100 In-Reply-To: <4F0097E6.2090701@inria.fr> (Xavier Leroy's message of "Sun, 01 Jan 2012 18:29:10 +0100") Message-ID: <87vcnt31fs.fsf@frosties.localnet> User-Agent: Gnus/5.110009 (No Gnus v0.9) XEmacs/21.4.22 (linux, no MULE) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Provags-ID: V02:K0:kriaC4Afbbnwmhf/v/5KeQed8jfsqD6ZTwBX9Qq4L1v xI0AsVZhnaXcEeAJBHOLZE4TMTL53P9i+hbTNn4Wi2H8Uhu6DC tci7hvAV5bdLE82ZL2j7vRV3cB0bVSrBIBmfrey4gMvOi4XBsO KXJu20BE5jZVT7WFh/rSpWqQeTwrdtlGvPioau9nrGlqw1fARo LsQiwxpjjoXvv6QcVFbmg== Subject: Re: [Caml-list] Hashtbl and security Xavier Leroy writes: > On 01/01/2012 01:52 PM, Richard W.M. Jones wrote: >> On Fri, Dec 30, 2011 at 06:06:26PM +0100, Xavier Leroy wrote: >>> Indeed. The optional "seed" parameter to Hashtbl.create does exactly >>> this in the new implementation of Hashtbl (the one based on Murmur3). >> >> It may be worth noting that Perl solved this problem (back in 2003) by >> unconditionally using a seed which is a global set to a random number >> during interpreter initialization. > > That's how my initial reimplementation of Hashtbl worked, using the > Random module to produce seeds, but I was told (correctly) that in > security-sensitive applications it's better to leave the generation of > random numbers under control of the programmer. For some applications > Random.self_init might be good enough and for others stronger > randomness is needed. > > Of course, you can trivially emulate Perl's behavior using the new > Hashtbl implementation + the Random module. > > - Xavier Leroy It is also crucial if you are doing performance tests or debugging. You want the same behaviour on every run for that. MfG Goswin