[Issue 7179] New: Hash algorithm vulnerable to algorithmic complexity attacks

Dec 29, 2011

Walter Bright

Dec 29, 2011

Walter Bright

Dec 29, 2011

Walter Bright

December 29, 2011

[Issue 7179] New: Hash algorithm vulnerable to algorithmic complexity attacks

Posted by Walter Bright

Permalink

Walter Bright

Permalink

http://d.puremagic.com/issues/show_bug.cgi?id=7179

           Summary: Hash algorithm vulnerable to algorithmic complexity
                    attacks
           Product: D
           Version: D1 & D2
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: druntime
        AssignedTo: nobody@puremagic.com
        ReportedBy: bugzilla@digitalmars.com


--- Comment #0 from Walter Bright <bugzilla@digitalmars.com> 2011-12-28 22:24:41 PST ---
http://www.cs.rice.edu/~scrosby/hash/CrosbyWallach_UsenixSec2003.pdf

The hash functions used in the associative array implementation have a worst case performance of O(n*n). This can be exploited to produce denial-of-service attacks on a web service using these hash functions. The paper suggests ways to mitigate it.

-- 
Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email
------- You are receiving this mail because: -------

http://d.puremagic.com/issues/show_bug.cgi?id=7179 --- Comment #1 from Walter Bright <bugzilla@digitalmars.com> 2011-12-28 22:25:42 PST --- More info: http://news.ycombinator.com/item?id=3401900 -- Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email ------- You are receiving this mail because: -------

http://d.puremagic.com/issues/show_bug.cgi?id=7179 --- Comment #2 from Walter Bright <bugzilla@digitalmars.com> 2011-12-29 13:38:03 PST --- http://developers.slashdot.org/story/11/12/29/1352219/microsoft-issuing-unusual-out-of-band-security-update -- Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email ------- You are receiving this mail because: -------

Forums