Hi all,
On Fri, Feb 7, 2014 at 8:05 AM, Yasuo Ohgaki <yohgaki@ohgaki.net> wrote:
> I made SipHash version of str_compare() as a sample.
> There is timing safe php_compare(), which is stolen from BSD.
>
> https://github.com/yohgaki/php-src/compare/PHP-5.6-rfc-hash-compare
>
> [yohgaki@dev github-php-src]$ ./php-bin -r 'var_dump(str_compare("abc",
> "abc"));'
> bool(true)
> [yohgaki@dev github-php-src]$ ./php-bin -r
> 'var_dump(str_compare("asfasdf", "slkjojoeiwrj"));'
> bool(false)
>
> It's quick patch made less than 30 min.
> So it can be improved, I suppose.
>
I thought it would be better to compare performance difference.
Added more functions to play with.
There are
bool str_siphash_compare(str, str) - siphash. timing safe. (64bit)
bool str_xxhash32_compare(str, str) - xxhash. timing safe. (32bit)
bool str_md5_compare(str, str) - md5. Timing safe (128bit)
bool str_byte_compare(str, str) - Byte compare. Timing safe. No division.
bool str_byte_compare2(str, str) - Byte compare. Timing safe. With
division. (Modulo as this RFC)
bool str_compare(str, str) - plain strncmp(). Not timing safe.
I didn't took bench mark and did minimum tests.
I appreciate if anyone take benchmark.
Regards,
--
Yasuo Ohgaki
yohgaki@ohgaki.netH