Message152740
On Mon, Feb 6, 2012 at 8:12 AM, Marc-Andre Lemburg
<report@bugs.python.org> wrote:
>
> Marc-Andre Lemburg <mal@egenix.com> added the comment:
>
> Antoine Pitrou wrote:
>>
>> The simple collision counting approach leaves a gaping hole open, as
>> demonstrated by Frank.
> Could you elaborate on this ?
> Note that I've updated the collision counting patch to cover both
> possible attack cases I mentioned in http://bugs.python.org/issue13703#msg150724.
> If there's another case I'm unaware of, please let me know.
The problematic case is, roughly,
(1) Find out what N will trigger collision-counting countermeasures.
(2) Insert N-1 colliding entries, to make it as slow as possible.
(3) Keep looking up (or updating) the N-1th entry, so that the
slow-as-possible-without-countermeasures path keeps getting rerun. |
|
Date |
User |
Action |
Args |
2012-02-06 15:47:08 | Jim.Jewett | set | recipients:
+ Jim.Jewett, lemburg, gvanrossum, tim.peters, loewis, barry, georg.brandl, terry.reedy, gregory.p.smith, jcea, mark.dickinson, pitrou, vstinner, christian.heimes, benjamin.peterson, eric.araujo, grahamd, Arfrever, v+python, alex, zbysz, skrah, dmalcolm, gz, neologix, Arach, Mark.Shannon, eric.snow, Zhiping.Deng, Huzaifa.Sidhpurwala, PaulMcMillan, fx5, skorgu |
2012-02-06 15:47:07 | Jim.Jewett | link | issue13703 messages |
2012-02-06 15:47:07 | Jim.Jewett | create | |
|