So what you're saying is that you have a file of 350 magic keys that when used to build a hash on any version of Perl from 5.8.1 through 5.16 will cause this constant doubling of the hash size, regardless of what hash seed was chosen at startup?
Yes.
Dave.
| [reply] |
Doesn't that render all the preceding discussion -- in this thread and elsewhere -- about being able to discover the seed, completely redundant?
I understand the desire -- given the propensity of distributions to ship old versions of perl beyond their sell-by date -- to not share the magic key file publicly, but would you share them with me privately?
With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
In the absence of evidence, opinion is indistinguishable from prejudice.
| [reply] |
Doesn't that render all the preceding discussion -- in this thread and elsewhere -- about being able to discover the seed, completely redundant?
No.
With 5.8.1 we assumed we'd fixed algorithmic complexity attacks. When it all blew up again in 2013, we looked on smugly as Python, Ruby et al scrambled to do the same stuff we'd already done years before. Then we looked more closely and realised that our 5.8.1 fix wasn't as good as it could be. Then we noticed that in addition, the 5.8.1 fix had introduced the hash bucket doubling bug. These issues were fixed. Then someone noticed that unsorted hash keys leaked the hash seed (around 3 bits per key IIRC). Proof of Concept code was written which demonstrated that the whole hash seed could be recovered based on receiving a small number of unsorted (and non-special) keys.
This meant that even with a good hash function and a random seed, it might be possible to attack. So we we added bucket perturbation too which seems to have stopped the seed leak.
(This is based on my recollections from the long discussion from 3/4 years ago).
would you share them with me privately
I'd prefer not to right now,
Dave.
| [reply] |