Bug: Replace md5 with sha256 in createFastHash(). #31748

cryptochecktool · 2024-12-13T01:51:01Z

1.MD5 has potential collision risks.
2.Even for speed considerations, MD5 is slower than SHA256, so replacing MD5 with SHA256 is worthwhile.
code at:

react/packages/react-server/src/ReactServerStreamConfigNode.js

Lines 234 to 238 in e06c72f

    
           export function createFastHash(input: string): string | number { 
        
             const hash = createHash('md5'); 
        
             hash.update(input); 
        
             return hash.digest('hex'); 
        
           }

Below are the speed test results(:

String Length: 16

MD5 Average Time: 0.0148 ms
SHA256 Average Time: 0.0131 ms

String Length: 256

MD5 Average Time: 0.0193 ms
SHA256 Average Time: 0.0175 ms

String Length: 10000

MD5 Average Time: 0.5830 ms
SHA256 Average Time: 0.4030 ms

String Length: 100000

MD5 Average Time: 6.2866 ms
SHA256 Average Time: 4.6130 ms

code is

<!DOCTYPE html>
<html>
<head>
    <title>Hash Function Test</title>
    <!-- Include the CryptoJS library -->
    <script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js"></script>
</head>
<body>
    <h1>Hash Function Performance Test</h1>
    <div id="results"></div>

    <script>
        const md5 = (str) => CryptoJS.MD5(str).toString();
        const sha256 = (str) => CryptoJS.SHA256(str).toString();

        // Generate a random string of specified length
        function getRandomString(length) {
            let result = '';
            const characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
            for (let i = 0; i < length; i++) {
                result += characters.charAt(Math.floor(Math.random() * characters.length));
            }
            return result;
        }

        // Test the performance of the hash function
        function testHashFunction(func, length, iterations = 1000) {
            let total = 0;
            const data = getRandomString(length); // Generate data once outside the loop
            const startTime = performance.now();

            for (let i = 0; i < iterations; i++) {
                func(data); // Reuse the same data for all iterations
            }

            const endTime = performance.now();
            total = endTime - startTime; // Calculate total time once
            const average = total / iterations;
            return average;
        }

        // Test different string lengths
        const lengths = [16, 256, 10000, 100000];
        const resultsElement = document.getElementById('results');

        lengths.forEach(length => {
            const md5Avg = testHashFunction(md5, length);
            const sha256Avg = testHashFunction(sha256, length);

            resultsElement.innerHTML += `
                <h2>String Length: ${length}</h2>
                <p>MD5 Average Time: ${md5Avg.toFixed(4)} ms</p>
                <p>SHA256 Average Time: ${sha256Avg.toFixed(4)} ms</p>
                <hr>
            `;
        });
    </script>
</body>
</html>

The text was updated successfully, but these errors were encountered:

Gatormane35 · 2024-12-13T03:20:32Z

1.MD5 has potential collision risks. 2.Even for speed considerations, MD5 is slower than SHA256, so replacing MD5 with SHA256 is worthwhile. Below are the speed test results(:

String Length: 16

MD5 Average Time: 0.0148 ms SHA256 Average Time: 0.0131 ms

String Length: 256

MD5 Average Time: 0.0193 ms SHA256 Average Time: 0.0175 ms

String Length: 10000

MD5 Average Time: 0.5830 ms SHA256 Average Time: 0.4030 ms

String Length: 100000

MD5 Average Time: 6.2866 ms SHA256 Average Time: 4.6130 ms

code is

<!DOCTYPE html>
<html>
<head>
    <title>Hash Function Test</title>
    <!-- Include the CryptoJS library -->
    <script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js"></script>
</head>
<body>
    <h1>Hash Function Performance Test</h1>
    <div id="results"></div>

    <script>
        const md5 = (str) => CryptoJS.MD5(str).toString();
        const sha256 = (str) => CryptoJS.SHA256(str).toString();

        // Generate a random string of specified length
        function getRandomString(length) {
            let result = '';
            const characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
            for (let i = 0; i < length; i++) {
                result += characters.charAt(Math.floor(Math.random() * characters.length));
            }
            return result;
        }

        // Test the performance of the hash function
        function testHashFunction(func, length, iterations = 1000) {
            let total = 0;
            const data = getRandomString(length); // Generate data once outside the loop
            const startTime = performance.now();

            for (let i = 0; i < iterations; i++) {
                func(data); // Reuse the same data for all iterations
            }

            const endTime = performance.now();
            total = endTime - startTime; // Calculate total time once
            const average = total / iterations;
            return average;
        }

        // Test different string lengths
        const lengths = [16, 256, 10000, 100000];
        const resultsElement = document.getElementById('results');

        lengths.forEach(length => {
            const md5Avg = testHashFunction(md5, length);
            const sha256Avg = testHashFunction(sha256, length);

            resultsElement.innerHTML += `
                <h2>String Length: ${length}</h2>
                <p>MD5 Average Time: ${md5Avg.toFixed(4)} ms</p>
                <p>SHA256 Average Time: ${sha256Avg.toFixed(4)} ms</p>
                <hr>
            `;
        });
    </script>
</body>
</html>

Gatormane35 · 2024-12-13T03:20:43Z

Kwamanabrown1@Gateway229

Gatormane35 · 2024-12-13T03:20:48Z

[email protected]

cryptochecktool · 2024-12-13T05:46:47Z

@Gateway229 what's your meaning?

Gatormane35 · 2024-12-13T12:44:53Z

1.MD5 has potential collision risks. 2.Even for speed considerations, MD5 is slower than SHA256, so replacing MD5 with SHA256 is worthwhile. Below are the speed test results(:

String Length: 16

MD5 Average Time: 0.0148 ms SHA256 Average Time: 0.0131 ms

String Length: 256

MD5 Average Time: 0.0193 ms SHA256 Average Time: 0.0175 ms

String Length: 10000

MD5 Average Time: 0.5830 ms SHA256 Average Time: 0.4030 ms

String Length: 100000

MD5 Average Time: 6.2866 ms SHA256 Average Time: 4.6130 ms

code is

<!DOCTYPE html>
<html>
<head>
    <title>Hash Function Test</title>
    <!-- Include the CryptoJS library -->
    <script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js"></script>
</head>
<body>
    <h1>Hash Function Performance Test</h1>
    <div id="results"></div>

    <script>
        const md5 = (str) => CryptoJS.MD5(str).toString();
        const sha256 = (str) => CryptoJS.SHA256(str).toString();

        // Generate a random string of specified length
        function getRandomString(length) {
            let result = '';
            const characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
            for (let i = 0; i < length; i++) {
                result += characters.charAt(Math.floor(Math.random() * characters.length));
            }
            return result;
        }

        // Test the performance of the hash function
        function testHashFunction(func, length, iterations = 1000) {
            let total = 0;
            const data = getRandomString(length); // Generate data once outside the loop
            const startTime = performance.now();

            for (let i = 0; i < iterations; i++) {
                func(data); // Reuse the same data for all iterations
            }

            const endTime = performance.now();
            total = endTime - startTime; // Calculate total time once
            const average = total / iterations;
            return average;
        }

        // Test different string lengths
        const lengths = [16, 256, 10000, 100000];
        const resultsElement = document.getElementById('results');

        lengths.forEach(length => {
            const md5Avg = testHashFunction(md5, length);
            const sha256Avg = testHashFunction(sha256, length);

            resultsElement.innerHTML += `
                <h2>String Length: ${length}</h2>
                <p>MD5 Average Time: ${md5Avg.toFixed(4)} ms</p>
                <p>SHA256 Average Time: ${sha256Avg.toFixed(4)} ms</p>
                <hr>
            `;
        });
    </script>
</body>
</html>

narendrayogi · 2024-12-15T12:59:17Z

Any connection with react project?🤔

cryptochecktool · 2024-12-16T04:30:12Z

Any connection with react project?🤔

code at:

react/packages/react-server/src/ReactServerStreamConfigNode.js

Line 235 in e06c72f

const hash = createHash('md5');

narendrayogi · 2024-12-19T15:57:37Z

Guess that varies depending on the requirement and system performance!

My system results. As you stated SHA256 is better when comes to large strings

cryptochecktool · 2024-12-21T16:07:26Z

Since 2013, intel has supported instruction set acceleration for sha256. (AMD is following suit.) So SHA256 is faster than MD5.

cryptochecktool · 2024-12-22T10:53:25Z

I think someone should fix this problem. I think it will be fixed quickly. But I have no experience with js development, and if you could submit a PR to fix it, that would have a positive impact on React speed.

floweeb · 2024-12-22T11:43:46Z

Is anyone doing this I'd like to fix it.

floweeb · 2024-12-26T07:55:20Z

I finished it yesterday @cryptochecktool and submitted a PR.
#31910

cryptochecktool added the Status: Unconfirmed A potential issue that we haven't yet confirmed as a bug label Dec 13, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bug: Replace md5 with sha256 in createFastHash(). #31748

Bug: Replace md5 with sha256 in createFastHash(). #31748

cryptochecktool commented Dec 13, 2024 •

edited

Loading

Gatormane35 commented Dec 13, 2024

String Length: 16

String Length: 256

String Length: 10000

String Length: 100000

Gatormane35 commented Dec 13, 2024 •

edited

Loading

Gatormane35 commented Dec 13, 2024

cryptochecktool commented Dec 13, 2024

Gatormane35 commented Dec 13, 2024

String Length: 16

String Length: 256

String Length: 10000

String Length: 100000

narendrayogi commented Dec 15, 2024

cryptochecktool commented Dec 16, 2024

narendrayogi commented Dec 19, 2024

cryptochecktool commented Dec 21, 2024

cryptochecktool commented Dec 22, 2024

floweeb commented Dec 22, 2024

floweeb commented Dec 26, 2024 •

edited

Loading

Bug: Replace md5 with sha256 in createFastHash(). #31748

Bug: Replace md5 with sha256 in createFastHash(). #31748

Comments

cryptochecktool commented Dec 13, 2024 • edited Loading

String Length: 16

String Length: 256

String Length: 10000

String Length: 100000

Gatormane35 commented Dec 13, 2024

String Length: 16

String Length: 256

String Length: 10000

String Length: 100000

Gatormane35 commented Dec 13, 2024 • edited Loading

Gatormane35 commented Dec 13, 2024

cryptochecktool commented Dec 13, 2024

Gatormane35 commented Dec 13, 2024

String Length: 16

String Length: 256

String Length: 10000

String Length: 100000

narendrayogi commented Dec 15, 2024

cryptochecktool commented Dec 16, 2024

narendrayogi commented Dec 19, 2024

cryptochecktool commented Dec 21, 2024

cryptochecktool commented Dec 22, 2024

floweeb commented Dec 22, 2024

floweeb commented Dec 26, 2024 • edited Loading

cryptochecktool commented Dec 13, 2024 •

edited

Loading

Gatormane35 commented Dec 13, 2024 •

edited

Loading

floweeb commented Dec 26, 2024 •

edited

Loading