From 2683e8494c265a986c76e2613e3f33052f8b58f0 Mon Sep 17 00:00:00 2001 From: Michael Gattozzi Date: Thu, 4 Aug 2016 18:07:29 -0400 Subject: [PATCH] Update HashMap docs regarding DoS protection Because of changes to how Rust acquires randomness HashMap is not guaranteed to be DoS resistant. This commit reflects these changes in the docs themselves and provides an alternative method to creating a hash that is resistant if needed. --- src/libstd/collections/hash/map.rs | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/src/libstd/collections/hash/map.rs b/src/libstd/collections/hash/map.rs index fd7b0a2e6bbf6..8039421ae7730 100644 --- a/src/libstd/collections/hash/map.rs +++ b/src/libstd/collections/hash/map.rs @@ -199,13 +199,12 @@ fn test_resize_policy() { /// A hash map implementation which uses linear probing with Robin /// Hood bucket stealing. /// -/// The hashes are all keyed by the thread-local random number generator -/// on creation by default. This means that the ordering of the keys is -/// randomized, but makes the tables more resistant to -/// denial-of-service attacks (Hash DoS). No guarantees are made to the -/// quality of the random data. The implementation uses the best available -/// random data from your platform at the time of creation. This behavior -/// can be overridden with one of the constructors. +/// By default, HashMap uses a somewhat slow hashing algorithm which can provide resistance +/// to DoS attacks. Rust makes a best attempt at acquiring random numbers without IO +/// blocking from your system. Because of this HashMap is not guaranteed to provide +/// DoS resistance since the numbers generated might not be truly random. If you do +/// require this behavior you can create your own hashing function using +/// [BuildHasherDefault](../hash/struct.BuildHasherDefault.html). /// /// It is required that the keys implement the `Eq` and `Hash` traits, although /// this can frequently be achieved by using `#[derive(PartialEq, Eq, Hash)]`.