
Re: Re: Re: Re: Re: Re: hash collision DOS

by iburrell (Chaplain)
on Jun 03, 2003 at 00:16 UTC ( #262530=note )

in reply to Re: Re: Re: Re: Re: hash collision DOS
in thread hash collision DOS

The keys aren't going into a single bucket above. The Vars() is just stripping out the non-parameter keys that it stores inside of itself. The 'a' and 'b' parameters are there in the object.

The way to determine what is happening inside a hash is evaluating it in scalar context. That gives you the number of buckets being used. tilly wrote a program that uses this feature to generate a list of colliding keys. This algorithm is fast and doesn't depend on reverse engineering the Perl hash algorithm.

I ran some tests on 10,000 keys generated by tilly's method, both inserting them into a hash and parsing the query string with CGI. It takes over 20 seconds to parse the query string in the pathological case versus less than a second for 10,000 normal strings. I haven't been willing to wait long enough to let 100,000 strings run. For a sample, here are the first 10 integers that collide and the scalar hash value showing they all go in one bucket.

8 14 22 30 38 46 54 62 70 78 86 1/8
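Added example, not part of the post above and not Perl's implementation: a toy chained hash table in Python that reports the same "used/total" bucket figure and counts key comparisons, showing why keys that share one bucket make insertion quadratic. The hash function `toy_hash`, the 64-bucket table and the sample keys are assumptions constructed for the illustration.

```python
# Added illustration: a toy chained hash table, not Perl's real implementation.

def toy_hash(key: str) -> int:
    """Unseeded one-at-a-time style string hash (stand-in chosen for the example)."""
    h = 0
    for byte in key.encode():
        h = (h + byte) & 0xFFFFFFFF
        h = (h + (h << 10)) & 0xFFFFFFFF
        h ^= h >> 6
    h = (h + (h << 3)) & 0xFFFFFFFF
    h ^= h >> 11
    h = (h + (h << 15)) & 0xFFFFFFFF
    return h

def insert_all(keys, nbuckets=64):
    """Insert keys into a fixed-size chained table.

    Returns (buckets_used, buckets_total, key_comparisons)."""
    buckets = [[] for _ in range(nbuckets)]
    comparisons = 0
    for key in keys:
        chain = buckets[toy_hash(key) & (nbuckets - 1)]
        for existing in chain:          # duplicate check walks the whole chain
            comparisons += 1
            if existing == key:
                break
        else:
            chain.append(key)
    used = sum(1 for chain in buckets if chain)
    return used, nbuckets, comparisons

def keys_sharing_bucket(count, nbuckets=64, bucket=0):
    """Constructed sample: decimal strings that all land in one bucket of the toy table."""
    found, i = [], 0
    while len(found) < count:
        if toy_hash(str(i)) & (nbuckets - 1) == bucket:
            found.append(str(i))
        i += 1
    return found

def report(label, keys):
    used, total, comparisons = insert_all(keys)
    return f"{label}: {used}/{total} buckets, {comparisons} key comparisons"

if __name__ == "__main__":
    n = 64
    print(report("ordinary ", [str(i) for i in range(n)]))
    print(report("colliding", keys_sharing_bucket(n)))
```

With every key in one chain, the n-th insert compares against all n-1 earlier keys, so the total grows as n(n-1)/2; that growth is the cost behind the timing gap reported in the post.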
