Message152754
> Agreed; it tops out with a constant, but if it takes only 16 bytes of
> input to force another run through a 1000-long collision, that may
> still be too much leverage.
You should prepare the dict so that you have the collision run with a one-byte string, or better, even with an empty string, not a 16-byte string.
> BTW: If you set the limit N to e.g. 100 (which is reasonable given
> Victor's and my tests),
100 is probably hard to exploit for a DoS attack. However,
it makes it much easier to cause unwanted (future?) exceptions in
other apps.
> So it would take around 3Mb to cause a minute's delay...
How did you calculate that?

Date | User | Action | Args
2012-02-06 18:53:41 | fx5 | set | recipients: + fx5, lemburg, gvanrossum, tim.peters, loewis, barry, georg.brandl, terry.reedy, gregory.p.smith, jcea, mark.dickinson, pitrou, vstinner, christian.heimes, benjamin.peterson, eric.araujo, grahamd, Arfrever, v+python, alex, zbysz, skrah, dmalcolm, gz, neologix, Arach, Mark.Shannon, eric.snow, Zhiping.Deng, Huzaifa.Sidhpurwala, Jim.Jewett, PaulMcMillan, skorgu
2012-02-06 18:53:41 | fx5 | set | messageid: <1328554421.26.0.580912085318.issue13703@psf.upfronthosting.co.za>
2012-02-06 18:53:40 | fx5 | link | issue13703 messages
2012-02-06 18:53:40 | fx5 | create |