[Scaevolus]

Rather than "poorly-designed", I should have said "cryptographically insecure".

Most hash functions are engineered for speed and collision resistance, in that order. Trading collision resistance for speed is worthwhile for many workloads, since it barely affects the average case.

[haberman]

> Most hash functions are engineered for speed and collision resistance, in that order.

I disagree with that assessment. I think most hash functions are designed for speed and good distribution of outputs given normal inputs. But designing to resist collisions against someone trying to deliberately create them is a different thing entirely.

> Trading collision resistance for speed is worthwhile for many workloads, since it barely affects the average case.

I think that is far from established. SipHash is marketed under this premise, but from what I have heard it is significantly slower, particularly for short inputs.

[Scaevolus]

Yes, speed for normal inputs is what's generally desired.

A faster hash function can yield better overall performance than having fewer collisions. Here's some empirical evidence for this: https://www.strchr.com/hash_functions

The speed is correlated only weakly with the number of collisions-- and using the modern x86 CRC32 instruction yields the best results.

[nickpsecurity]

I suggest somebody test SpookyHash-128 similarly to those to see how it performs. Designed to be collision resistant and fast.

http://www.burtleburtle.net/bob/hash/spooky.html

[CiPHPerCoder]

Why not SipHash? https://www.131002.net/siphash/

[nickpsecurity]

Cuz I either forgot it or never heard of it. Also looks to be one Perl comments are referencing. Has good performance and published cryptanalysis. That's awesome! Looks to be good default for this sort of thing. Thanks for the link. Definitely going in bookmarks & probably future apps :)