There's an interesting article
today about using hash collisions
to create a denial of service. The white paper
referred to in the article
is a bit light on details, but I did find the premise interesting.
They specifically mention attacking Perl's hash implementation, including specific attacks for 5.6.1
An obvious defense is to avoid putting untrusted data
into a hash. Sounds easy, but associative arrays are
probably already being used this way all over the place.
Any ideas on workarounds and fixes to reduce the risk
of being DOS'ed ?