Using different hash algorithm in purple_util_get_image_checksum()
Mark Doliner
mark at kingant.net
Tue Jun 30 17:25:41 EDT 2009
The purple_util_get_image_checksum() function in libpurple/util.c
currently uses SHA-1 to generate a checksum for a chunk of image data.
SHA-1 is a cryptographic hash function, which means it's hard for
someone to engineer a chunk of data that matches a given hash. It
also means it's slow.
Do we need to be using a cryptographic hash function here? This hash
function is one of the more expensive parts of libpurple. I think
it's called once for each buddy icon we receive. Adler-32 is much
faster when you're not concerned about security (it's maybe 8 times
faster than SHA-1). zlib contains an Adler-32 implementation. I
think GLib's g_string_hash() function is also pretty fast (but not as
fast as Adler-32 when hashing image data). I haven't really
investigated what problems we would have switching hash functions... I
think we would have to migrate or purge buddy icons from
~/.purple/icons/, because the icon filename is the hash. And there
might be other problems.
But, uh, how to people feel about this change?
-Mark
More information about the Devel
mailing list