What hashing algorithm is used for the D implementation of associative arrays?
H. S. Teoh via Digitalmars-d-learn
digitalmars-d-learn at puremagic.com
Thu Aug 14 09:56:02 PDT 2014
On Thu, Aug 14, 2014 at 04:32:24PM +0000, via Digitalmars-d-learn wrote:
> On Thursday, 14 August 2014 at 13:10:58 UTC, bearophile wrote:
> >Marc Schütz:
> >
> >>Isn't SuperFastHash vulnerable to collision attacks?
> >
> >D AAs used to be not vulnerable to collision attacks because they
> >resolved collisions building a red-black tree for each bucket. Later
> >buckets became linked lists for speed, leading to the current
> >sensitivity to collision attacks. I think D is not yet in the stage
> >of its development where it starts to care a lot about attacks.
>
> IMO this is a _very_ dangerous stance. These kinds of attacks became
> well known in 2011, when it turned out that almost all of the commonly
> used languages and web frameworks were vulnerable:
> http://events.ccc.de/congress/2011/Fahrplan/events/4680.en.html
>
> It would be nice if D behaved correctly before any actual attack
> becomes known.
>
> Besides, AAs are probably already exposed to outside attackers in
> vibe.d (didn't check though).
[...]
PR's to fix this issue would be greatly appreciated!
T
--
Nobody is perfect. I am Nobody. -- pepoluan, GKC forum
More information about the Digitalmars-d-learn
mailing list