Beefy Boxes and Bandwidth Generously Provided by pair Networks
The stupid question is the question not asked
 
PerlMonks  

Re: Hash Collisions with PERL_HASH_SEED=0

by dave_the_m (Monsignor)
on Apr 06, 2018 at 08:18 UTC ( #1212405=note: print w/replies, xml ) Need Help??


in reply to Hash Collisions with PERL_HASH_SEED=0

Why would a sysadmin have set PERL_HASH_SEED=0?

Anyway, rather than brute-forcing, a real attack would use the known hash seed and the known hash algorithm, and with those known factors it's fairly trivial to offline generate a set of short strings which all map to the same hash bucket slot (but not necessarily to the same hash value, which has more bits than the number of buckets).

But no, I'm not going to explain how.

Dave.

  • Comment on Re: Hash Collisions with PERL_HASH_SEED=0

Replies are listed 'Best First'.
Re^2: Hash Collisions with PERL_HASH_SEED=0
by ikegami (Pope) on Apr 06, 2018 at 16:17 UTC

    When PERL_HASH_SEED=0 isn't used, each hash is given its own random seed at creation, and it switches to a new random seed when Perl detects a degenerate hash. So, those "known factors" can't be known without PERL_HASH_SEED=0.

Re^2: Hash Collisions with PERL_HASH_SEED=0
by jimpudar (Pilgrim) on Apr 06, 2018 at 16:12 UTC

    Hi, Dave,

    Thanks for the reply - that was very clear.

    I don't think any sysadmin would actually have PERL_HASH_SEED=0, I was just curious after reading that bit of info in perlsec.

    Looks like I'll be spending some time learning about how hash tables are implemented!

    Thanks again,

    Jim

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1212405]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others meditating upon the Monastery: (3)
As of 2019-07-17 02:45 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found

    Notices?