PerlMonks  

Re^10: Hash order randomization is coming, are you ready?

by BrowserUk (Patriarch)
on Dec 04, 2012 at 01:13 UTC


in reply to Re^9: Hash order randomization is coming, are you ready?
in thread Hash order randomization is coming, are you ready?

5.17.6 returned things to roughly where they were in 5.8.1.

Okay. Thanks for that. I was party to some of the discussion for the 5.8.1 randomisation, so that makes sense to me.

Somewhat related is the actual hash function in 5.17.6 is different from 5.17.5, and we probably will use a yet again different hash function in 5.18.

Can you explain why the hash function has changed? And what it has changed (is going to change) to?

A reference to background material regarding the selection and testing of the new hash functions would be interesting and useful.

And if I have my way hashes will be randomized on a per hash level as well.

Could you briefly explain why you would do that? What it would achieve or prevent?


With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
"Science is about questioning the status quo. Questioning authority".
In the absence of evidence, opinion is indistinguishable from prejudice.

RIP Neil Armstrong

Re^11: Hash order randomization is coming, are you ready?
by demerphq (Chancellor) on Dec 04, 2012 at 06:41 UTC

    Prevention of algorithmic complexity attacks.

    ---
    $world=~s/war/peace/g

      Prevention of algorithmic complexity attacks.

      Hm. That is reasoning for randomising the seed for the hashing algorithm; but not reasoning for changing the hash algorithm itself.

      It also doesn't explain why you would do it on a hash-by-hash basis rather than a per-process basis.

      I don't get the reluctance to share this information?


      With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
      Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
      "Science is about questioning the status quo. Questioning authority".
      In the absence of evidence, opinion is indistinguishable from prejudice.

      RIP Neil Armstrong

        but not reasoning for changing the hash algorithm itself

        Sure it is. A strong hash function is harder to attack.

        why you would do it on a hash-by-hash basis rather than a per-process basis.

        Concerns over information exposure of key order to an attacker.

        I don't get the reluctance to share this information?

        If there is any reluctance it is purely that of me wanting to avoid a long dialog repeating what has already been said elsewhere. I have a lot of demands on my time these days.

        ---
        $world=~s/war/peace/g
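
The two questions argued in this thread (is a random seed enough without a stronger function, and why seed per hash rather than per process) can be seen in a toy model. This is an added example, not code from the thread or from perl: `weak_hash`, `keyed_hash`, the 64-bucket table and the sample keys are constructed for illustration and are not Perl's actual hash functions.

```python
import hashlib
from itertools import product

def weak_hash(key: bytes, seed: int) -> int:
    """Toy multiply-by-33 hash; the seed is only the starting state."""
    h = seed
    for b in key:
        h = (h * 33 + b) & 0xFFFFFFFF
    return h

def keyed_hash(key: bytes, seed: int) -> int:
    """Keyed BLAKE2b cut to 32 bits, standing in for a strong seeded hash."""
    d = hashlib.blake2b(key, key=seed.to_bytes(8, "little"), digest_size=4)
    return int.from_bytes(d.digest(), "little")

def longest_chain(hash_fn, keys, seed, buckets=64):
    """Size of the fullest bucket when the keys go into a chained table."""
    counts = {}
    for k in keys:
        slot = hash_fn(k, seed) % buckets
        counts[slot] = counts.get(slot, 0) + 1
    return max(counts.values())

def key_order(hash_fn, keys, seed, buckets=64):
    """Iteration order of the toy table: by bucket, then insertion order."""
    placed = sorted((hash_fn(k, seed) % buckets, i, k)
                    for i, k in enumerate(keys))
    return [k for _, _, k in placed]

# Constructed sample keys. "Ez" and "FY" leave weak_hash in the same state
# (69*33 + 122 == 70*33 + 89), so all 256 equal-length keys below collide.
# The seed contributes the same term to each of them, so it cannot help.
COLLIDING = [b"".join(p) for p in product((b"Ez", b"FY"), repeat=8)]

if __name__ == "__main__":
    for seed in (0, 1, 0xDEADBEEF):
        print(f"seed={seed:#x}",
              "weak:", longest_chain(weak_hash, COLLIDING, seed),
              "keyed:", longest_chain(keyed_hash, COLLIDING, seed))
    # One seed for the whole process: every table holding these keys iterates
    # in the same order, so order seen in one table describes all the others.
    same = key_order(keyed_hash, COLLIDING, 1) == key_order(keyed_hash, COLLIDING, 1)
    # One seed per table: the order of one says nothing about another.
    differ = key_order(keyed_hash, COLLIDING, 1) != key_order(keyed_hash, COLLIDING, 2)
    print("shared seed, same order:", same, "| per-table seeds differ:", differ)
```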
