Beefy Boxes and Bandwidth Generously Provided by pair Networks
laziness, impatience, and hubris

Re: hash collision DOS

by astaines (Curate)
on Jun 01, 2003 at 23:01 UTC ( #262264=note: print w/ replies, xml ) Need Help??

in reply to hash collision DOS

As far as I can tell from the article, what they have shown is that it is possible to exploit worst case behaviour of hashing algortihms to consume resources and that this exploit can be used against the hashing algortihms in both Perl 5.8.0 and 5.6.1. (And in many other programs)

What happpens when such an attack succeeds is that hash performance goes from O(n) to O(n^2). This matters a lot if n is several tens of thousands, but not at all if n is around 10 or 100. You can exploit this if (and only if) you can send large amounts of data to a program which then gets stored in a hash in the program.

To fix this you just need to patch perl to use a different hashing algorithm. I leave this as an exercise for you...

Anthony Staines

Comment on Re: hash collision DOS

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://262264]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others cooling their heels in the Monastery: (6)
As of 2015-11-28 11:46 GMT
Find Nodes?
    Voting Booth?

    What would be the most significant thing to happen if a rope (or wire) tied the Earth and the Moon together?

    Results (741 votes), past polls