
Re^15: Hash order randomization is coming, are you ready?

by demerphq (Chancellor)
on Dec 04, 2012 at 10:01 UTC (#1007043)

in reply to Re^14: Hash order randomization is coming, are you ready?
in thread Hash order randomization is coming, are you ready?

With respect, that is garbage

With respect, I think you are underinformed. See SipHash and the documented attacks on various hash functions. A strong hash does not allow one to predict the hash value of a given string even if one knows the hash value of any other string, assuming one does not know the seed.

. If the "attacker" has sufficient access to be able to determine the per-process seeding

Exposing key order provides an attacker information that can be used to eventually deduce the seed. Randomizing per hash means that this information is useless. We know that much code exposes key order without realizing it.

Would copy/pasting taking so much time and effort?

Would *reading* what has been written be so much time and effort? I don't mind explaining if you genuinely do not understand what has been said, but the impression I have is that you are unwilling to read what has already been written and would prefer to interrogate me about the same points while being offensive in the process. E.g., using big bold to repeat things I already said, ignoring what has been said (such as "per process randomization") and accusing me of talking garbage.
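An added illustration, not part of the original post and not Perl's implementation: a toy chained hash table that measures how much each exposed key order tells an observer about the seed, and how a secret per-table traversal mask widens that uncertainty again. The 12-bit seed space, the 8-bucket table, the one-at-a-time hash, the XOR-mask model of per-hash randomization and all names and key sets are assumptions chosen for this example.

```python
import random

BUCKETS = 8            # toy table size (assumption)
SEED_SPACE = 1 << 12   # tiny seed space so full enumeration is instant

def oaat(key, seed):
    """Jenkins one-at-a-time hash, seeded through its initial state."""
    h = seed
    for c in key.encode():
        h = (h + c) & 0xFFFFFFFF
        h = (h + (h << 10)) & 0xFFFFFFFF
        h ^= h >> 6
    h = (h + (h << 3)) & 0xFFFFFFFF
    h ^= h >> 11
    return (h + (h << 15)) & 0xFFFFFFFF

def key_order(keys, seed, mask=0):
    """Keys in traversal order. Buckets are walked as index ^ mask:
    mask=0 is one fixed walk, a secret per-table mask models per-hash
    randomization (a simplification, not Perl's real code)."""
    chains = [[] for _ in range(BUCKETS)]
    for k in keys:
        chains[oaat(k, seed) % BUCKETS].append(k)
    return [k for i in range(BUCKETS) for k in chains[i ^ mask]]

def consistent_seeds(observations, masks):
    """Seeds that explain every (keys, observed_order) pair when each
    table may have used any traversal mask in `masks`."""
    return [s for s in range(SEED_SPACE)
            if all(any(key_order(keys, s, m) == seen for m in masks)
                   for keys, seen in observations)]

def demo(true_seed=0x5A3):
    # Constructed sample key sets, e.g. field names echoed back in a response.
    tables = [["alice", "bob", "carol", "dave", "erin", "frank"],
              ["GET", "POST", "PUT", "HEAD", "PATCH", "DELETE"]]
    fixed = [(t, key_order(t, true_seed)) for t in tables]
    rng = random.Random(1)  # fixed RNG so the demo is repeatable
    perturbed = [(t, key_order(t, true_seed, rng.randrange(BUCKETS)))
                 for t in tables]
    return {
        "fixed walk, 1 table": consistent_seeds(fixed[:1], [0]),
        "fixed walk, 2 tables": consistent_seeds(fixed, [0]),
        "per-table mask, 2 tables": consistent_seeds(perturbed, range(BUCKETS)),
    }

if __name__ == "__main__":
    for label, seeds in demo().items():
        print(f"{label}: {len(seeds)} of {SEED_SPACE} seeds still fit")
```

With a fixed walk, each additional exposed table can only shrink the set of seeds that still fit, which is why output that echoes hash keys in iteration order is worth treating as sensitive.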


Re^16: Hash order randomization is coming, are you ready?
by BrowserUk (Patriarch) on Dec 04, 2012 at 17:00 UTC
    See SipHash

    Thank you. That's all I've been asking for. (Shame I had to goad it out of you.)

    With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
    Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
    "Science is about questioning the status quo. Questioning authority".
    In the absence of evidence, opinion is indistinguishable from prejudice.

    RIP Neil Armstrong
