Clarify HashMap docs discussion of DoS protection

[aturon]

Today, the HashMap docs say:

The hashes are all keyed by the thread-local random number generator on creation by default. This means that the ordering of the keys is randomized, but makes the tables more resistant to denial-of-service attacks (Hash DoS). No guarantees are made to the quality of the random data. The implementation uses the best available random data from your platform at the time of creation. This behavior can be overridden with one of the constructors.

While this is accurate, it's burying the lede: we should say much more clearly what the tradeoffs are, and point more directly toward the custom hashing infrastructure. E.g.:

By default, HashMaps use a somewhat slow hashing algorithm that provides resistance to denial-of-service attacks (Hash DoS). For cases where DoS protection isn't needed, you can opt into a faster hasher by using some details here.

[steveklabnik]

part of #29348

[steveklabnik]

I would be happy to work with anyone who wants to work on this issue.

[apoelstra]

#33086 is relevant to this bug -- now the docs should say that Rust uses a slow hash function by default "for DoS protection", but does not actually provide DoS protection.

[mgattozzi]

@steveklabnik I'd like to take a crack at this issue with your help. I won't be able to work on it today but I could tomorrow.

[steveklabnik]

@mgattozzi great! Can you swing by IRC tomorrow? That'd be easiest

[mgattozzi]

The docs IRC channel correct? I'll swing by around 7pm EST maybe even
slightly earlier

On Wed, Aug 3, 2016, 17:17 Steve Klabnik notifications@github.com wrote:

@mgattozzi https://github.com/mgattozzi great! Can you swing by IRC
tomorrow? That'd be easiest

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#33817 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/ADWgH5YKt0H0bzuuHrKm9bwCHoSVdgUXks5qcQV-gaJpZM4IkoPE
.

[steveklabnik]

Yeah, any of them. That's a little late for me, but I'm sure that one of us can be helpful 😄

(And I'm also happy to do it asynchronously through this issue too, just sometimes real-time is a bit easier.)

[mgattozzi]

I'll pop in around that time and if you're around great if not I'll point
the channel to this issue to ask for help if I need it. I could pop on
during work lunch break tomorrow and at least get a starting point from you
if that works as well.

On Wed, Aug 3, 2016 at 6:15 PM Steve Klabnik notifications@github.com
wrote:

Yeah, any of them. That's a little late for me, but I'm sure that one
of us can be helpful 😄

(And I'm also happy to do it asynchronously through this issue too, just
sometimes real-time is a bit easier.)

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#33817 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/ADWgH_-hJiCu6ixjvDSmgPqr8JsQ72AIks5qcRL4gaJpZM4IkoPE
.