Beefy Boxes and Bandwidth Generously Provided by pair Networks
more useful options
 
PerlMonks  

Re^10: Hash order randomization is coming, are you ready?

by BrowserUk (Pope)
on Dec 04, 2012 at 01:13 UTC ( #1006975=note: print w/ replies, xml ) Need Help??


in reply to Re^9: Hash order randomization is coming, are you ready?
in thread Hash order randomization is coming, are you ready?

5.17.6 returned things to roughly where they were in 5.8.1.

Okay. Thanks for that. I was party to some of thr discussion for the 5.8.1 randomisation, so that makes sense to me.

Somewhat related is the actual hash function in 5.17.6 is different from 5.17.5, and we probably will use a yet again different hash function in 5.18.

Can you explain why the hash function has changed? And what is has changed (is going to change) to?

A reference to background material regarding the selection and testing of the new hash functions whould be interesting and useful.

And if I have my way hashes will be randomized on a per hash level as well.

Could you briefly explain why you would do that? What it would achieve or prevent?


With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
"Science is about questioning the status quo. Questioning authority".
In the absence of evidence, opinion is indistinguishable from prejudice.

RIP Neil Armstrong


Comment on Re^10: Hash order randomization is coming, are you ready?
Re^11: Hash order randomization is coming, are you ready?
by demerphq (Chancellor) on Dec 04, 2012 at 06:41 UTC

    Prevention of algorithmic complexity attacks.

    ---
    $world=~s/war/peace/g

      Prevention of algorithmic complexity attacks.

      Hm. That is reasoning for randomising the seed for the hashing algorithm; but not reasoning for changing the hash algorithm itself.

      It also doesn't explain why you would do it on a hash-by-hash basis rather than a per-process basis.

      I don't get the reluctance to share this information?


      With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
      Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
      "Science is about questioning the status quo. Questioning authority".
      In the absence of evidence, opinion is indistinguishable from prejudice.

      RIP Neil Armstrong

        but not reasoning for changing the hash algorithm itself

        Sure it is. A strong hash function is harder to attack.

        why you would do it on a hash-by-hash basis rather than a per-process basis.

        Concerns over information exposure of key order to an attacker.

        I don't get the reluctance to share this information?

        If there is any reluctance it is purely that of me wanting to avoid a long dialog repeating what has already been said elsewhere. I have a lot of demands on my time these days.

        ---
        $world=~s/war/peace/g

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1006975]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others studying the Monastery: (5)
As of 2014-08-30 01:31 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The best computer themed movie is:











    Results (291 votes), past polls