apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bojan Smojver" <bo...@rexursive.com>
Subject Re: Hash collision vectors in APR?
Date Tue, 17 Jan 2012 09:00:14 GMT
------- Original message -------
> From: Joe Orton

>    (hash(key) * ht->pure_random_number) % ht->max
>
> where ht->max is 15 by default.  So you "merely" have to increase the
> size of the input by 15 to produce at least the same overhead; the
> attacker must generate 15n keys to ensure they hit all the buckets.  The
> attack is still quadratic time.

At hash size of 15 we are probably not going to hit computational limits. 
However, if the hash is say 511 in size (because it will grow and is always 
the size of a power of two minus one), the attacker will then (according to 
the above maths) have to provide 500 times more input to hit the problem. 
That may be more difficult. Right?

--
Bojan 

Mime
View raw message