What hashing algorithm is used for the D implementation of associative arrays?
via Digitalmars-d-learn
digitalmars-d-learn at puremagic.com
Thu Aug 14 09:32:24 PDT 2014
On Thursday, 14 August 2014 at 13:10:58 UTC, bearophile wrote:
> Marc Schütz:
>
>> Isn't SuperFastHash vulnerable to collision attacks?
>
> D AAs used to be not vulnerable to collision attacks because
> they resolved collisions building a red-black tree for each
> bucket. Later buckets became linked lists for speed, leading to
> the current sensitivity to collision attacks. I think D is not
> yet in the stage of its development where it starts to care a
> lot about attacks.
IMO this is a _very_ dangerous stance. These kinds of attacks
became well known in 2011, when it turned out that almost all of
the commonly used languages and web frameworks were vulnerable:
http://events.ccc.de/congress/2011/Fahrplan/events/4680.en.html
It would be nice if D behaved correctly before any actual attack
becomes known.
Besides, AAs are probably already exposed to outside attackers in
vibe.d (didn't check though).
> Currently D programs are able to "attack themselves" just fine
> :-) But as usual patches are (slowly) welcome.
More information about the Digitalmars-d-learn
mailing list