[Issue 7179] New: Hash algorithm vulnerable to algorithmic complexity attacks
d-bugmail at puremagic.com
d-bugmail at puremagic.com
Wed Dec 28 22:24:44 PST 2011
http://d.puremagic.com/issues/show_bug.cgi?id=7179
Summary: Hash algorithm vulnerable to algorithmic complexity
attacks
Product: D
Version: D1 & D2
Platform: Other
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: druntime
AssignedTo: nobody at puremagic.com
ReportedBy: bugzilla at digitalmars.com
--- Comment #0 from Walter Bright <bugzilla at digitalmars.com> 2011-12-28 22:24:41 PST ---
http://www.cs.rice.edu/~scrosby/hash/CrosbyWallach_UsenixSec2003.pdf
The hash functions used in the associative array implementation have a worst
case performance of O(n*n). This can be exploited to produce denial-of-service
attacks on a web service using these hash functions. The paper suggests ways to
mitigate it.
--
Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
More information about the Digitalmars-d-bugs
mailing list