Drop the MurmurHash to compute hashes, as it is vulnerable to a DoS:
A specially-crafted set of keys could trigger Murmur hash function
collisions, which degrade hash table items insert performance by
changing hash table operations complexity from an expected/average
O(n) to the worst case O(n^2). Reporters were able to find colliding
strings efficiently using equivalent substrings.

Use PerlHash instead, as it was done upstream (see commit
5e4aab28b26fd127112b76fabfac9a33b64caf77 of git://jruby.org/jruby.git)
instead of the SipHash that is used in the C implementation of Ruby,
for performance reasons.

Index: jruby/src/org/jruby/RubyString.java
===================================================================
--- jruby.orig/src/org/jruby/RubyString.java	2012-12-11 20:29:23.650433034 +0100
+++ jruby/src/org/jruby/RubyString.java	2012-12-11 20:49:48.895686092 +0100
@@ -91,7 +91,7 @@
 import org.jruby.runtime.marshal.UnmarshalStream;
 import org.jruby.util.ByteList;
 import org.jruby.util.ConvertBytes;
-import org.jruby.util.MurmurHash;
+import org.jruby.util.PerlHash;
 import org.jruby.util.Numeric;
 import org.jruby.util.Pack;
 import org.jruby.util.Sprintf;
@@ -1025,7 +1025,7 @@
     }
 
     private int strHashCode(Ruby runtime) {
-        int hash = MurmurHash.hash32(value.getUnsafeBytes(), value.getBegin(), value.getRealSize(), runtime.getHashSeed());
+        int hash = PerlHash.hash32(runtime.getHashSeed(), value.getUnsafeBytes(), value.getBegin(), value.getRealSize());
         if (runtime.is1_9()) {
             hash ^= (value.getEncoding().isAsciiCompatible() && scanForCodeRange() == CR_7BIT ? 0 : value.getEncoding().getIndex());
         }
Index: jruby/src/org/jruby/util/PerlHash.java
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ jruby/src/org/jruby/util/PerlHash.java	2012-12-11 20:42:32.429215037 +0100
@@ -0,0 +1,24 @@
+package org.jruby.util;
+
+/**
+ * Perl's Hash implementation.
+ *
+ * @author nahi@ruby-lang.org
+ */
+public class PerlHash {
+    public static long hash64(long key, byte[] src, int offset, int length) {
+        for (int idx = 0; idx < length; ++idx) {
+            key += (src[offset + idx] & 0xFF);
+            key += (key << 10);
+            key ^= (key >>> 6);
+        }
+        key += (key << 3);
+        key ^= (key >>> 11);
+        key += (key << 15);
+        return key;
+    }
+    public static int hash32(long key, byte[] src, int offset, int length) {
+        long res = hash64(key,src,offset,length);
+        return ((int) (res & 0xFFFFFFFF)) ^ ((int) (res >>> 32));
+    }
+}