|go ahead... be a heretic|
Re: Hash Clash on purposeby BrowserUk (Pope)
|on Jun 03, 2003 at 04:08 UTC||Need Help??|
Currently, circa. 5.8.0, the hashing value for a new hash is initialised to 0.
Would initialising this to a random 32-bit value chosen fresh for each hash at runtime, largely elleviate if not entirely suppress the possibility of a hash_clash attack against a perl hash-based system?
Whilst it would still be possible to compute 48 generators that could be combined as described in the article for any given initialisation of the hash, computing them for all possible 2**31 possible initialisations would be considerably more expensive. Finding a way of determining which initialisation had been randomly chosen for any given hash, of any given start of any given program on any given system renders choosing the right set of 48 generators almost impossible?
Or am I missing something obvious again?
Update:The change I was proposing would affect the following code from hv.c:59 (as of 5.8.0).
Examine what is said, not who speaks."Efficiency is intelligent laziness." -David Dunham
"When I'm working on a problem, I never think about beauty. I think only how to solve the problem. But when I have finished, if the solution is not beautiful, I know it is wrong." -Richard Buckminster Fuller