Using different hash algorithm in purple_util_get_image_checksum()

Mark Doliner mark at kingant.net
Tue Jun 30 17:25:41 EDT 2009


The purple_util_get_image_checksum() function in libpurple/util.c
currently uses SHA-1 to generate a checksum for a chunk of image data.
 SHA-1 is a cryptographic hash function, which means it's hard for
someone to engineer a chunk of data that matches a given hash.  It
also means it's slow.

Do we need to be using a cryptographic hash function here?  This hash
function is one of the more expensive parts of libpurple.  I think
it's called once for each buddy icon we receive.  Adler-32 is much
faster when you're not concerned about security (it's maybe 8 times
faster than SHA-1).  zlib contains an Adler-32 implementation.  I
think GLib's g_string_hash() function is also pretty fast (but not as
fast as Adler-32 when hashing image data).  I haven't really
investigated what problems we would have switching hash functions... I
think we would have to migrate or purge buddy icons from
~/.purple/icons/, because the icon filename is the hash.  And there
might be other problems.

But, uh, how to people feel about this change?

-Mark




More information about the Devel mailing list