The purple_util_get_image_checksum() function in libpurple/util.c
currently uses SHA-1 to generate a checksum for a chunk of image data.
SHA-1 is a cryptographic hash function, which means it's hard for
someone to engineer a chunk of data that matches a given hash. It
also means it's slow.

Do we need to be using a cryptographic hash function here? This hash
function is one of the more expensive parts of libpurple. I think
it's called once for each buddy icon we receive. Adler-32 is much
faster when you're not concerned about security (it's maybe 8 times
faster than SHA-1). zlib contains an Adler-32 implementation. I
think GLib's g_string_hash() function is also pretty fast (but not as
fast as Adler-32 when hashing image data). I haven't really
investigated what problems we would have switching hash functions... I
think we would have to migrate or purge buddy icons from
~/.purple/icons/, because the icon filename is the hash. And there
might be other problems.

But, uh, how do people feel about this change?
-Mark
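
The trade-off raised in the message above, as an added example that is not part of the original post or of libpurple: because the icon filename is the hash, two different images with the same Adler-32 value would share one cache file. The `icon_cache_name()` helper, its `.png` suffix and the sample buffers are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ADLER_MOD 65521u /* largest prime below 2^16 */

/* Adler-32 as zlib defines it, written out so the block has no dependencies. */
uint32_t adler32_sum(const unsigned char *buf, size_t len)
{
    uint32_t a = 1, b = 0;
    for (size_t i = 0; i < len; i++) {
        a = (a + buf[i]) % ADLER_MOD; /* running byte sum */
        b = (b + a) % ADLER_MOD;      /* running sum of the sums */
    }
    return (b << 16) | a;
}

/* Hypothetical cache naming: hex checksum used as the icon filename. */
void icon_cache_name(const unsigned char *buf, size_t len, char *out, size_t outlen)
{
    snprintf(out, outlen, "%08x.png", (unsigned)adler32_sum(buf, len));
}

/* Returns 1 when two different buffers would land on the same cache file. */
int icons_alias(const unsigned char *x, size_t xlen,
                const unsigned char *y, size_t ylen)
{
    char nx[32], ny[32];
    int same_bytes = (xlen == ylen) && memcmp(x, y, xlen) == 0;
    icon_cache_name(x, xlen, nx, sizeof nx);
    icon_cache_name(y, ylen, ny, sizeof ny);
    return !same_bytes && strcmp(nx, ny) == 0;
}

/* Constructed sample data, not real images. B differs from A in its last
 * three bytes (+1, -2, +1), which leaves both running sums unchanged. */
const unsigned char ICON_A[] = { 0x89, 'P', 'N', 'G', 0x10, 0x22, 0x30 };
const unsigned char ICON_B[] = { 0x89, 'P', 'N', 'G', 0x11, 0x20, 0x31 };
const unsigned char ICON_C[] = { 0x89, 'P', 'N', 'G', 0x10, 0x22, 0x31 };

int main(void)
{
    char name[32];
    icon_cache_name(ICON_A, sizeof ICON_A, name, sizeof name);
    printf("A -> %s, B aliases A: %d, C aliases A: %d\n", name,
           icons_alias(ICON_A, sizeof ICON_A, ICON_B, sizeof ICON_B),
           icons_alias(ICON_A, sizeof ICON_A, ICON_C, sizeof ICON_C));
    return 0;
}
```

A cache keyed this way would need to compare the stored bytes before treating a filename match as the same icon, which is the check a collision-resistant hash makes unnecessary.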