Message158736
| Author | Vlado.Boza |
| Recipients | Vlado.Boza |
| Date | 2012-04-19.17:58:08 |
| SpamBayes Score | -1.0 |
| Marked as misclassified | Yes |
| Message-id | <1334858289.64.0.441945117447.issue14621@psf.upfronthosting.co.za> |
| In-reply-to | |
| Content |
The fix for http://bugs.python.org/issue13703 is broken.
tl;dr: There are only 256 different hash functions (compare that to the size of the _Py_HashSecret prefix and suffix). And whether keys collide or not depends only on the last 8 bits of the prefix.
The problem with the current randomization of the hash function is the following:
The suffix does not influence whether two keys have the same hash or not (it is xor-ed after everything).
Everything except the last 8 bits of the prefix does not influence it either. Try adding 0x474200 to the prefix and see what happens (it will add 0x474200 to the resulting hash).
To make a DoS attack, an attacker must do the following:
Generate sets of colliding keys for each of the 256 possible combinations of the last 8 bits. Try each one of these sets - one will have a significantly bigger response time, and then repeat this one. |
|
History
| Date | User | Action | Args |
|---|---|---|---|
| 2012-04-19 17:58:09 | Vlado.Boza | set | recipients: + Vlado.Boza |
| 2012-04-19 17:58:09 | Vlado.Boza | set | messageid: <1334858289.64.0.441945117447.issue14621@psf.upfronthosting.co.za> |
| 2012-04-19 17:58:09 | Vlado.Boza | link | issue14621 messages |
| 2012-04-19 17:58:08 | Vlado.Boza | create | |
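The structural claim in the message above can be checked without constructing any colliding keys. The following is an added example, not part of the original message and not CPython's code: a Python model of the randomized string hash (assumptions: 64-bit state, multiplier 1000003, non-empty byte-string keys of equal length sharing a first byte, the final -1 adjustment omitted, all function names hypothetical). It shows that the suffix cancels out and that the gap between two keys' hash states is fixed by the low 8 bits of the prefix.

```python
# Added model of the randomized string hash discussed in this report (not CPython source).
# Assumptions: 64-bit hash, multiplier 1000003, non-empty byte-string keys;
# the real function's final "-1 becomes -2" adjustment is left out.
import random

MASK = (1 << 64) - 1
MULT = 1000003


def core(key: bytes, prefix: int) -> int:
    """Hash state after mixing every byte, before length and suffix are xor-ed in."""
    x = (prefix ^ (key[0] << 7)) & MASK
    for c in key:
        x = ((MULT * x) & MASK) ^ c
    return x


def randomized_hash(key: bytes, prefix: int, suffix: int) -> int:
    """Full model hash: core state, then length and suffix xor-ed on top."""
    return core(key, prefix) ^ len(key) ^ suffix


def state_gap(a: bytes, b: bytes, prefix: int) -> int:
    """core(a) - core(b) mod 2**64; zero means a and b collide for any suffix."""
    return (core(a, prefix) - core(b, prefix)) & MASK


def gaps_for_low_byte(a: bytes, b: bytes, low: int, trials: int = 200) -> set:
    """Gaps observed over random prefixes that all end in the byte `low`."""
    rng = random.Random(0)  # constructed, reproducible sample of prefixes
    return {state_gap(a, b, (rng.getrandbits(56) << 8) | low) for _ in range(trials)}


# Constructed sample keys: same length, same first byte.
A, B = b"key-alpha-0001", b"key-omega-9999"

if __name__ == "__main__":
    per_low_byte = [gaps_for_low_byte(A, B, low) for low in range(256)]
    # One gap per low byte: the upper 56 prefix bits never change the outcome.
    print("single gap for every low byte:", all(len(g) == 1 for g in per_low_byte))
    print("distinct gaps across all prefixes:", len(set().union(*per_low_byte)))
```

Because a collision is exactly a gap of zero, a key pair's collide-or-not outcome can take at most 256 distinct values across the whole secret space in this model, which is the weakness the report describes.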