hash: switch from MD5 to murmur hash

MD5 doesn't work in FIPS mode, and there's no particular reason to use a cryptographically secure hash. Also shrink size of slug output from 32 to 8 characters.
npm · Dec 3, 2015 · f1cd16d · f1cd16d
1 parent 024b3bd
commit f1cd16d
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 12 deletions.
diff --git a/README.md b/README.md
@@ -10,11 +10,11 @@ var randomSlug = uniqueSlug()
 var fileSlug = uniqueSlug('/etc/passwd')
 ```
 
-### uniqueSlug(*str*) → String (32 chars)
+### uniqueSlug(*str*) → String (8 chars)
 
-If *str* is passed in then the return value will be its md5 digest in
+If *str* is passed in then the return value will be its murmur hash in
 hex.
 
-If *str* is not passed in, it will be 16 bytes coverted into 32 hex
+If *str* is not passed in, it will be 4 bytes coverted into 8 hex
 characters, generated by `crypto.pseudoRandomBytes`.
 
diff --git a/index.js b/index.js
@@ -1,15 +1,19 @@
 'use strict'
 var crypto = require('crypto')
+var MurmurHash3 = require('imurmurhash')
 
 module.exports = function (uniq) {
   if (uniq) {
-    var hash = crypto.createHash('md5')
-    hash.update(uniq)
-    return hash.digest('hex')
+    var hash = new MurmurHash3(uniq)
+    return ('00000000' + hash.result().toString(16)).substr(-8)
   } else {
-    // Safe because w/o a callback because this interface can
-    // neither block nor error (by contrast with randomBytes
-    // which will throw an exception without enough entropy)
-    return crypto.pseudoRandomBytes(16).toString('hex')
+    // Called without a callback, because this interface should neither block
+    // nor error (by contrast with randomBytes which will throw an exception
+    // without enough entropy).
+    //
+    // However, due to a change in Node 0.10.27+, pseudoRandomBytes is now the
+    // same as randomBytes, and may in fact block in situations where
+    // insufficent entropy is available.
+    return crypto.pseudoRandomBytes(4).toString('hex')
   }
 }
diff --git a/package.json b/package.json
@@ -16,5 +16,8 @@
   "repository": {
     "type": "git",
     "url": "git://github.com/iarna/unique-slug.git"
+  },
+  "dependencies": {
+    "imurmurhash": "^0.1.4"
   }
 }
diff --git a/test/index.js b/test/index.js
@@ -4,10 +4,10 @@ var uniqueSlug = require('../index.js')
 
 t.plan(5)
 var slugA = uniqueSlug()
-t.is(slugA.length, 32, 'random slugs are 32 chars')
+t.is(slugA.length, 8, 'random slugs are 8 chars')
 t.notEqual(slugA, uniqueSlug(), "two slugs aren't the same")
 var base = '/path/to/thingy'
 var slugB = uniqueSlug(base)
-t.is(slugB.length, 32, 'string based slugs are 32 chars')
+t.is(slugB.length, 8, 'string based slugs are 8 chars')
 t.is(slugB, uniqueSlug(base), 'two string based slugs, from the same string are the same')
 t.notEqual(slugB, uniqueSlug(slugA), 'two string based slongs, from diff strings are different')