Message158736
Unsupported provider
Fix of this http://bugs.python.org/issue13703 is broken.
tl;dr: There only 256 different hash functions (compare it to size of _Py_HashSecret prefix and suffix). And whether keys collide or not depends only on the last 8 bits of prefix.
Problem with current randomization of hash function is following:
Suffix does not influence whether two keys have some hash or not (it is xor-ed after everything).
Everything except last 8 bits in prefix does not influence it also. Try adding 0x474200 to prefix and see what happens (it will add 0x474200 to resulting hash).
To make a DoS attack, attacker must do the following:
Generate sets of colliding keys for every 256 possible combinations of last 8 bits. Try each one of these sets - one will have significantly bigger response time, and then repeat this one. |
|
Date |
User |
Action |
Args |
2012-04-19 17:58:09 | Vlado.Boza | set | recipients:
+ Vlado.Boza |
2012-04-19 17:58:09 | Vlado.Boza | set | messageid: <1334858289.64.0.441945117447.issue14621@psf.upfronthosting.co.za> |
2012-04-19 17:58:09 | Vlado.Boza | link | issue14621 messages |
2012-04-19 17:58:08 | Vlado.Boza | create | |
|