in reply to Re^2: Truly randomized keys() in perl 5.17 - a challenge for testing?
in thread Truly randomized keys() in perl 5.17 - a challenge for testing?
In demerphq's own words:
bulk88> I disagree there is a measurable cost to the current implementation of
bulk88> REHASH. If the rehash code is so rare, maybe it should be removed from
bulk88> hv_common and placed in its own func, but looking at the asm, the
bulk88> overhead is so tiny I dont think the rehash code even matters compared
bulk88> to the rest of the design of hv_common. I don't see any performance
bulk88> gains by removing it.
demerphq Yes, I am unable to show any actual performance gains either.
So, not for performance (gain) reasoning.
Also in his own words:
demerphq So I think that the current rehash mechanism is about as secure as the random hash seed proposal.
And:
demerphqPersonally I dont think its worth the effort of doing much more than thinking about this until someone demonstrates at least a laboratory grade attack. IMO in a real world environment with multi-host web sites, web servers being restarted, load balancers, and etc, that simple hash randomization is sufficient. Seems like any attack would require large numbers of fetch/response cycles and in general would just not be effective in a real production environment. I would assume that the administrators would notice the weird request pattern before an attacker could discover enough information to cause damage. Same argument for non-web services IMO.
And it doesn't make anything more secure.
And Dave_the_m said:
Indeed, based on the thread starting at
Message-ID: <2003101002...@perlsupport.com>
it looks like the primary motivation for moving to rehash was to restore the binary compatibility within the 5.8.x branch inadvertently broken by 5.8.1.
I'm not particularly keen on having hashes always randomised - it makes debugging harder, and reproducing a reported issue nigh-on impossible; but if Yves can show a measurable performance gain without the rehash checks, then I'll approve, as long as the hash seed can still be initialised with the env var PERL_HASH_SEED=0 - otherwise debugging becomes impossible.
Which mirrors the OPs objections.
So, significant consequences
So, why? What did Perl gain?