CppCMS C++ Web Framework / Bugs / #118 predictable hash function

#118 predictable hash function

Milestone: cppcms-1.2

Status: open

Owner: Artyom Beilis

Labels: None

Priority: 1

Updated: 2014-10-30

Created: 2014-04-08

Creator: Anonymous

Private: No

It's not really a bug, but i think it should be mentioned somewhere in the docs, that the hash_map and hash_map based modules (e.g caching) are not safe for all kinds of user input/user provided data - because of the predictable hash function and the resulting vulnerability to hash-DoS attacks.

Poc:

>>> def weinberg_hasher(inp):
...     h = 0
...     for c in inp:
...         h = (h << 4) + ord(c)
...         high = h & 0xF0000000
...         if high != 0:
...             h = h ^ (high >> 24) ^ high
...     return h & 0xFFFFFFFF
>>> res = [hasher("abc" * len_)  for len_ in range(10000)]
>>> len(res) # values
10000
>>> len(set(res)) # distinct values
5

Discussion

Artyom Beilis - 2014-05-23

assigned_to: Artyom Beilis

Group: v1.0_(example) --> 1.2
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
- Anonymous
  
  Add attachments
  Cancel
  You seem to have CSS turned off. Please don't fill out this field.
  
  You seem to have CSS turned off. Please don't fill out this field.

Artyom Beilis - 2014-05-23

Interesting point to think about

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
- Anonymous
  
  Add attachments
  Cancel
  You seem to have CSS turned off. Please don't fill out this field.
  
  You seem to have CSS turned off. Please don't fill out this field.

Anonymous

predictable hash function

Group

Searches

Help

#118 predictable hash function

Discussion