/ Java Zone
Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

What's Wrong With Hashcode in java.lang.String?

DZone's Guide to

What's Wrong With Hashcode in java.lang.String?

This overview of strings and hashcode covers how hashcode works, how collisions happen, and the danger of improperly using strings as keys.

by
Artem Rukavitsya
·
Jun. 06, 17 · Java Zone
Free Resource

Comment (52)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Download Microservices for Java Developers: A hands-on introduction to frameworks and containers. Brought to you in partnership with Red Hat.

One of the most significant criteria of every hash function is the tendency for collisions. Hash functions inside the JDK are not the exception. The main idea of a collision attack is finding two different messages, m1 and m2, such that hash(m1) = hash(m2). In this article, I would like to show that this problem is reproducible in every program written in Java and how to get around it.

Firstly, let's consider the internals of the hashcode function in java.lang.String:

    public int hashCode() {
        int h = hash;
        if (h == 0 && value.length > 0) {
            char val[] = value;

            for (int i = 0; i < value.length; i++) {
                h = 31 * h + val[i];
            }
            hash = h;
        }
        return h;
    }


As you see hashcode in java.lang.String class is computed as:

s[0]*31^(n-1) + s[1]*31^(n-2) + ... + s[n-1]

This is nothing more than a polynomial accumulation method. The multiplier of this function is 31 and it has its own rationale: Joshua Bloch in Effective Java explained this solution: "The value 31 was chosen because it is an odd prime. If it were even and the multiplication overflowed, information would be lost, as multiplication by 2 is equivalent to shifting. The advantage of using a prime is less clear, but it is traditional. A nice property of 31 is that the multiplication can be replaced by a shift and a subtraction for better performance: 31 * i == (i << 5) - i. Modern VMs do this sort of optimization automatically." (from Chapter 3, Item 9: Always override hashcode when you override equals, page 48).

The collisions in hashcode are generated trivially:

If String a and String b have a common prefix and the same length — if n and the statement 31*(b[n-2] - a[n-2]) == (a[n-1] - b[n-1]) is true — it means that first and second strings have the same hashcode.

Let's consider this example:

 String a = "Aa";
 String b = "BB";
 System.out.println(a.hashCode());
 System.out.println(b.hashCode());

 System.out.println(31 * ('C' - 'D') == ('B' - 'a'));
 System.out.println(31 * ('B' - 'A') == ('a' - 'B'));

 System.out.println("common_prefixDB".hashCode());
 System.out.println("common_prefixCa".hashCode());


If you run this example, you will see the same hashcode for "Aa" and "BB" — 2112 — and for the two last strings with "common_prefix" — 1027514780. You can generate your own collisions in a simple loop statement.

With this fact, it follows that the usage of a string like a key in HashMap is the mistake — for instance, if the programmer used a String key in a HashMap for storing HTTP headers, the attacker can use it for DoS attacks.

As a conclusion, be careful with hashcode functions.

Download Building Reactive Microservices in Java: Asynchronous and Event-Based Application Design. Brought to you in partnership with Red Hat

Like This Article? Read More From DZone

Secure Web Application in Java EE6 using LDAP
How HashMap Works in Java
Auto-Generating Spring Security: Custom JDBC Realms

Free DZone Refcard

Contexts and Dependency Injection for the Java EE Platform
DOWNLOAD
Topics:
java ,hashcode ,java security ,java.lang.string ,tutorial

Comment (52)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Opinions expressed by DZone contributors are their own.

Java Partner Resources

A Better Pull Request
CA App Experience Analytics, a whole new level of visibility. Learn more.
Developing Reactive Microservices: Enterprise Implementation in Java
A Practical Guide to Learning Git
IBM Bluemix: From Idea to Application
Easily Build Continuous Delivery Pipelines with Jenkins and Pipeline Plugin
Download a Complimentary O’Reilly eBook on Cloud-Native Application Architectures
Jenkins, Docker and DevOps: The Innovation Catalysts
The single app analytics solutions to take your web and mobile apps to the next level. Try today!
Download our Git cheat sheet
Building Reactive Microservices in Java: Asynchronous and Event-Based Application Design
Improve Code Quality with this Tutorial

Java Partner Resources

A Better Pull Request
CA App Experience Analytics, a whole new level of visibility. Learn more.
Developing Reactive Microservices: Enterprise Implementation in Java
A Practical Guide to Learning Git
THE DZONE NEWSLETTER

Dev Resources & Solutions Straight to Your Inbox

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.

X

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.linkDescription }}

{{ parent.urlSource.name }}
by {{ parent.authors[0].realName || parent.author}}
· {{ parent.articleDate | date:'MMM. dd, yyyy' }} {{ parent.linkDate | date:'MMM. dd, yyyy' }}
· {{ parent.portal.name }} Zone