hash/maphash: Document whether used hash algorithm is stable across future versions #37040
Comments
|
I agree this should be called out in the packages documentation. As this is using the runtime hash which has different implementations (non-AES vs AES) it can differ even using the same binary depending on cpu feature detection. It seems https://golang.org/cl/205069 dropped this part of the documentation which outlines that hashes are not even guaranteed to be equal between processes using the same binary: // Two Hash instances with the same seed in different processes are |
|
It now says: There's no way to transfer a seed between processes (including the same binary across time). |
|
@randall77 Repeating such a statement in the packages overview section and maybe the relevant release notes section might help setting the expectations straight in more prominent places. |
dmitshur
added
the
NeedsFix
|
Change https://golang.org/cl/218297 mentions this issue: |
|
Change https://golang.org/cl/255968 mentions this issue: |
Add note about using per-use seeds. Delete "collision-resistant but" in: > The hash functions are collision-resistant but not cryptographically secure. "Collision-resistant" has a precise cryptographic meaning that is incompatible with "not cryptographically secure". All that is really meant by it here here is "it's a good hash function", which should be established already. Also delete: > The hash value of a given byte sequence is consistent within a > single process, but will be different in different processes. This was added for its final clause in response to #37040, but "The hash value of a given byte sequence" is by design not a concept in this package. Only "... of a given seed and byte sequence". And seeds cannot be shared between processes, so again by design you can't even set up the appropriate first half of the sentence to say the second half. Change-Id: I2c02bee0e804ef3b120cb4752bf89e60f3f5ff5d Reviewed-on: https://go-review.googlesource.com/c/go/+/255968 Trust: Russ Cox <rsc@golang.org> Run-TryBot: Russ Cox <rsc@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Filippo Valsorda <filippo@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org>
The new hash/maphash package in Go 1.14 doesn't make any statement about whether the hash results can differ in future versions or not.
At worst people will just assume they won't differ and store those hash values expecting to be able to repeat the hashing given the same values and seeds in the future.
I would sleep better when this was made more explicit in the documentation.
What version of Go are you using (
go version)?Does this issue reproduce with the latest release?
yes
What operating system and processor architecture are you using (
go env)?go envOutputWhat did you do?
Read documentation of new package https://tip.golang.org/pkg/hash/maphash/
What did you expect to see?
Documentation on whether the hash function will always deliver the same hash across all Go 1 versions in the future given the same seed and bytes to be hashed.
What did you see instead?
No statement whether I can assume this or not.
The text was updated successfully, but these errors were encountered: