https://sourceforge.net/p/cppcms/bugs/118/Recent changes to 118: predictable hash functionenFri, 23 May 2014 14:11:03 -0000https://sourceforge.net/p/cppcms/bugs/118/?limit=25#6396<div class="markdown_content"><p>Interesting point to think about</p></div>Artyom BeilisFri, 23 May 2014 14:11:03 -0000https://sourceforge.netbc446b4882f9144092cd184a1365597e15b22c01https://sourceforge.net/p/cppcms/bugs/118/?limit=25#15f1<div class="markdown_content"><ul> <li><strong>assigned_to</strong>: Artyom Beilis</li> <li><strong>Group</strong>: v1.0_(example) --&gt; 1.2</li> </ul></div>Artyom BeilisFri, 23 May 2014 14:10:52 -0000https://sourceforge.net26dbedbef5125def2d77e5dd84e492e93d7c5c2fhttps://sourceforge.net/p/cppcms/bugs/118/<div class="markdown_content"><p>It's not really a bug, but i think it should be mentioned somewhere in the docs, that the hash_map and hash_map based modules (e.g caching) are not safe for all kinds of user input/user provided data - because of the predictable hash function and the resulting vulnerability to hash-DoS attacks.</p> <p>Poc:</p> <div class="codehilite"><pre><span class="o">&gt;&gt;&gt;</span> <span class="n">def</span> <span class="n">weinberg_hasher</span><span class="p">(</span><span class="n">inp</span><span class="p">)</span><span class="o">:</span> <span class="p">...</span> <span class="n">h</span> <span class="o">=</span> <span class="mi">0</span> <span class="p">...</span> <span class="k">for</span> <span class="n">c</span> <span class="n">in</span> <span class="n">inp</span><span class="o">:</span> <span class="p">...</span> <span class="n">h</span> <span class="o">=</span> <span class="p">(</span><span class="n">h</span> <span class="o">&lt;&lt;</span> <span class="mi">4</span><span class="p">)</span> <span class="o">+</span> <span class="n">ord</span><span class="p">(</span><span class="n">c</span><span class="p">)</span> <span class="p">...</span> <span class="n">high</span> <span class="o">=</span> <span class="n">h</span> <span class="o">&amp;</span> <span class="mh">0xF0000000</span> <span class="p">...</span> <span class="k">if</span> <span class="n">high</span> <span class="o">!=</span> <span class="mi">0</span><span class="o">:</span> <span class="p">...</span> <span class="n">h</span> <span class="o">=</span> <span class="n">h</span> <span class="o">^</span> <span class="p">(</span><span class="n">high</span> <span class="o">&gt;&gt;</span> <span class="mi">24</span><span class="p">)</span> <span class="o">^</span> <span class="n">high</span> <span class="p">...</span> <span class="k">return</span> <span class="n">h</span> <span class="o">&amp;</span> <span class="mh">0xFFFFFFFF</span> <span class="o">&gt;&gt;&gt;</span> <span class="n">res</span> <span class="o">=</span> <span class="p">[</span><span class="n">hasher</span><span class="p">(</span><span class="s">&quot;abc&quot;</span> <span class="o">*</span> <span class="n">len_</span><span class="p">)</span> <span class="k">for</span> <span class="n">len_</span> <span class="n">in</span> <span class="n">range</span><span class="p">(</span><span class="mi">10000</span><span class="p">)]</span> <span class="o">&gt;&gt;&gt;</span> <span class="n">len</span><span class="p">(</span><span class="n">res</span><span class="p">)</span> <span class="err">#</span> <span class="n">values</span> <span class="mi">10000</span> <span class="o">&gt;&gt;&gt;</span> <span class="n">len</span><span class="p">(</span><span class="n">set</span><span class="p">(</span><span class="n">res</span><span class="p">))</span> <span class="err">#</span> <span class="n">distinct</span> <span class="n">values</span> <span class="mi">5</span> </pre></div> </div>AnonymousTue, 08 Apr 2014 20:02:27 -0000https://sourceforge.net6df5dba610b7e856f2c844910f070fab569ab5d5https://sourceforge.net/p/cppcms/bugs/118/<div class="markdown_content"><p>Ticket 118 has been modified: predictable hash function<br /> Edited By: Artyom Beilis (artyom-beilis)<br /> <em>milestone updated: u'v1.0</em>(example)' =&gt; u'1.2'<br /> Owner updated: None =&gt; u'artyom-beilis'</p></div>AnonymousTue, 08 Apr 2014 20:02:27 -0000https://sourceforge.netaca42ef3c8fe0b12a0c2c6227082d8cb3aad95ba