Re: Real-World Impact of Hash DoS in Lua

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

• Subject: Re: Real-World Impact of Hash DoS in Lua
• From: Roberto Ierusalimschy <roberto@...>
• Date: 2012年1月25日 20:26:04 -0200

---

> OK. Cool. This is a showstopper for the company I am working with for
> rolling out embedded Lua with nginx. Is there anything I can do to help?
what it is still missing now is how to create the initial per-state
random seed. Suggestions included some address and arc4random. I am
afraid that, for the backup ANSI implementation, we cannot do much
better than something like this:
 seed = (unsigned int)time() + (unsigned int)L;
We can have better implementations for particular system. For instance,
we can use arc4random if present, but how to detect it? Are there any
other suggestions?
-- Roberto

---

• Follow-Ups:
  • Re: Real-World Impact of Hash DoS in Lua, William Ahern
  • Re: Real-World Impact of Hash DoS in Lua, Jerome Vuarand
  • Re: Real-World Impact of Hash DoS in Lua, Sean Conner
  • Re: Real-World Impact of Hash DoS in Lua, Florian Weimer
  • Re: Real-World Impact of Hash DoS in Lua, Natanael Copa

• References:
  • Re: Real-World Impact of Hash DoS in Lua, John Graham-Cumming
  • Re: Real-World Impact of Hash DoS in Lua, Roberto Ierusalimschy
  • Re: Real-World Impact of Hash DoS in Lua, John Graham-Cumming

• Prev by Date: Re: string dollar literals (for luamacro or tokenf)
• Next by Date: Re: string dollar literals (for luamacro or tokenf)
• Previous by thread: Re: Real-World Impact of Hash DoS in Lua
• Next by thread: Re: Real-World Impact of Hash DoS in Lua
• Index(es):
  • Date
  • Thread