Message152755
Jim Jewett wrote:
>
>> BTW: If you set the limit N to e.g. 100 (which is reasonable given
>> Victor's and my tests),
>
> Agreed. Frankly, I think 5 would be more than reasonable so long as
> there is a fallback.
>
>> the time it takes to process one of those
>> sets only takes 0.3 ms on my machine. That's hardly usable as basis
>> for an effective DoS attack.
>
> So it would take around 3Mb to cause a minute's delay...
I'm not sure how you calculated that number.
Here's what I get: tale a dictionary with 100 integer collisions:
d = dict((x*(2**64 - 1), 1) for x in xrange(1, 100))
The repr(d) has 2713 bytes, which is a good approximation of how
much (string) data you have to send in order to trigger the
problem case.
If you can create 3333 distinct integer sequences, you'll get a
processing time of about 1 second on my slow dev machine. The
resulting dict will likely have a repr() of around
60*3333*2713 = 517MB.
So you need to send 517MB to cause my slow dev machine to consume
1 minute of CPU time. Today's servers are at least 10 times as fast as
my aging machine.
If you then take into account that the integer collision dictionary
is a very efficient collision example (size vs. effect), the attack
doesn't really sound practical anymore. |
|
Date |
User |
Action |
Args |
2012-02-06 18:54:51 | lemburg | set | recipients:
+ lemburg, gvanrossum, tim.peters, loewis, barry, georg.brandl, terry.reedy, gregory.p.smith, jcea, mark.dickinson, pitrou, vstinner, christian.heimes, benjamin.peterson, eric.araujo, grahamd, Arfrever, v+python, alex, zbysz, skrah, dmalcolm, gz, neologix, Arach, Mark.Shannon, eric.snow, Zhiping.Deng, Huzaifa.Sidhpurwala, Jim.Jewett, PaulMcMillan, fx5, skorgu |
2012-02-06 18:54:50 | lemburg | link | issue13703 messages |
2012-02-06 18:54:49 | lemburg | create | |
|