Beefy Boxes and Bandwidth Generously Provided by pair Networks
good chemistry is complicated,
and a little bit messy -LW
 
PerlMonks  

Comment on

( #3333=superdoc: print w/ replies, xml ) Need Help??
but not reasoning for changing the hash algorithm itself -- Sure it is. A strong hash function is harder to attack.

With respect, that is garbage. The way the original algorithmic complexity attack was constructed, was to simply hash a mess of random strings of a given length and see which one's hashed to the same value. As soon as anyone gets their hands on the release that contains a different hashing function, the "strength of the hashing function" -- a totally meaningless measure in this context -- is completely negated.

Only the reliability of the randomised seed provides any protection whatsoever.

why you would do it on a hash-by-hash basis rather than a per-process basis. -- Concerns over information exposure of key order to an attacker.

Unfounded (and illogical) concerns. If the "attacker" has sufficient access to be able to determine the per-process seeding, they have sufficient access to have far simpler and more effective attack vectors.

Like fitting an anchor to a car or an air brake to a submarine, the extra prophylactic serves no purpose.

If there is any reluctance it is purely that of me wanting to avoid a long dialog repeating what has already been said elsewhere.

I see. So we users of this modification shouldn't be concerning our simple selves with the difficult details of this change huh?

Would copy/pasting taking so much timeand effort? Even a link to the existing discussion would have sufficed.

But fear not, I'm not asking you to argue your case here. I've already heard enough to realise that this is tinkering for it's own sake, rather than justifiable development.


With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
"Science is about questioning the status quo. Questioning authority".
In the absence of evidence, opinion is indistinguishable from prejudice.

RIP Neil Armstrong


In reply to Re^14: Hash order randomization is coming, are you ready? by BrowserUk
in thread Hash order randomization is coming, are you ready? by demerphq

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":



  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • Outside of code tags, you may need to use entities for some characters:
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.
  • Log In?
    Username:
    Password:

    What's my password?
    Create A New User
    Chatterbox?
    and the web crawler heard nothing...

    How do I use this? | Other CB clients
    Other Users?
    Others pondering the Monastery: (5)
    As of 2014-12-26 23:49 GMT
    Sections?
    Information?
    Find Nodes?
    Leftovers?
      Voting Booth?

      Is guessing a good strategy for surviving in the IT business?





      Results (176 votes), past polls