apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Trawick <traw...@gmail.com>
Subject Re: Hash collision vectors in APR?
Date Thu, 05 Jan 2012 18:35:50 GMT
On Thu, Jan 5, 2012 at 12:45 PM, William A. Rowe Jr.
<wrowe@rowe-clan.net> wrote:
> http://www.nruns.com/_downloads/advisory28122011.pdf
>
> Should we add some randomization to prevent abuse?
>
> It's hard to anticipate how folks might leverage apr, and how malicious
> folks might then seek to exploit computational workload vectors.
>
> Thoughts?

We don't want to say "go fish" to APR applications if our hash plus
their vector results in an exploit.

Mime
View raw message