Hi!

Anyway I was looking at the hash function in PHP the other week, and was
playing around with some different implementations.  DJBX33A is fast,
which I guess is why PHP uses it as it is hit so many times in the
execution.

Some time ago we checked various implementations of hash functions, and the result was that none produces better results consistently than the one we already have. Note that you have to account not only for the function itself but also for the usage patterns - e.g., distribution of key sizes for variables, functions, classes, etc.

However, the bigger question is - wouldn't another hash function be as vulnerable? Unless we have a perfect hash we'll still have collisions, and that means it can still be attacked if collisions are easy to generate.

The obvious solution would be to use a salt for the hash, which prevents blind pre-computing of hash collisions. However, due to the fact that PHP hash values can be reused in different processes by bytecode caches, implementing it properly is not trivial.
--
Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/
(408)454-6900 ext. 227

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
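
The two constraints raised in the message above, checked in code. This is an added example, not code from the thread or from PHP: it assumes a simplified 32-bit DJBX33A whose start value is replaced by a per-process seed, and the names `djbx33a_seeded`, `collide`, `cache_compile` and `cached_hash_usable` are hypothetical. It shows that a salt used only as the start value does not change which equal-length keys collide, and that a hash stored by a bytecode cache under one seed is not reusable under another.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* DJBX33A: h = h*33 + c. Using `seed` as the start value (classic: 5381) is
 * this example's assumed salting scheme, not PHP's implementation. */
static uint32_t djbx33a_seeded(const char *key, size_t len, uint32_t seed)
{
    uint32_t h = seed;
    for (size_t i = 0; i < len; i++)
        h = h * 33u + (unsigned char)key[i];
    return h;
}

/* 1 if keys a and b hash to the same value under this seed. */
static int collide(const char *a, const char *b, uint32_t seed)
{
    return djbx33a_seeded(a, strlen(a), seed) ==
           djbx33a_seeded(b, strlen(b), seed);
}

/* Hypothetical bytecode-cache entry: key plus the hash stored at compile time. */
struct cached_key { const char *key; uint32_t hash; };

static struct cached_key cache_compile(const char *key, uint32_t compile_seed)
{
    struct cached_key ck = { key, djbx33a_seeded(key, strlen(key), compile_seed) };
    return ck;
}

/* A process can reuse the stored hash only if its own seed reproduces it. */
static int cached_hash_usable(struct cached_key ck, uint32_t process_seed)
{
    return ck.hash == djbx33a_seeded(ck.key, strlen(ck.key), process_seed);
}

int main(void)
{
    /* Constructed sample values: two seeds and a textbook colliding pair. */
    uint32_t seed_a = 5381u, seed_b = 0x9e3779b9u;
    struct cached_key ck = cache_compile("strlen", seed_a);

    printf("Ez/FY collide, seed A: %d\n", collide("Ez", "FY", seed_a));
    printf("Ez/FY collide, seed B: %d\n", collide("Ez", "FY", seed_b));
    printf("cached hash usable, seed A: %d\n", cached_hash_usable(ck, seed_a));
    printf("cached hash usable, seed B: %d\n", cached_hash_usable(ck, seed_b));
    return 0;
}
```

For equal-length keys the seed contributes the same term (seed times 33 to the key length) to both hashes, so it cancels out of the comparison; a salt has to be mixed in so that it affects the difference between keys.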
