Author Vlado.Boza
Recipients Vlado.Boza
Date 2012-04-19.17:58:08
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1334858289.64.0.441945117447.issue14621@psf.upfronthosting.co.za>
In-reply-to
Content
Fix of this http://bugs.python.org/issue13703 is broken.

tl;dr: There only 256 different hash functions (compare it to size of _Py_HashSecret prefix and suffix). And whether keys collide or not depends only on the last 8 bits of prefix. 

Problem with current randomization of hash function is following:
Suffix does not influence whether two keys have some hash or not (it is xor-ed after everything). 
Everything except last 8 bits in prefix does not influence it also. Try adding 0x474200 to prefix and see what happens (it will add 0x474200 to resulting hash). 

To make a DoS attack, attacker must do the following:
Generate sets of colliding keys for every 256 possible combinations of last 8 bits. Try each one of these sets - one will have significantly bigger response time, and then repeat this one.
History
Date User Action Args
2012-04-19 17:58:09Vlado.Bozasetrecipients: + Vlado.Boza
2012-04-19 17:58:09Vlado.Bozasetmessageid: <1334858289.64.0.441945117447.issue14621@psf.upfronthosting.co.za>
2012-04-19 17:58:09Vlado.Bozalinkissue14621 messages
2012-04-19 17:58:08Vlado.Bozacreate