pirk-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (PIRK-74) Information leakage through predictable failed hash keys
Date Thu, 27 Oct 2016 21:58:58 GMT

    [ https://issues.apache.org/jira/browse/PIRK-74?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15613359#comment-15613359
] 

ASF GitHub Bot commented on PIRK-74:
------------------------------------

Github user asfgit closed the pull request at:

    https://github.com/apache/incubator-pirk/pull/111


> Information leakage through predictable failed hash keys
> --------------------------------------------------------
>
>                 Key: PIRK-74
>                 URL: https://issues.apache.org/jira/browse/PIRK-74
>             Project: PIRK
>          Issue Type: Bug
>            Reporter: Jacob Wilder
>            Assignee: Jacob Wilder
>              Labels: security
>             Fix For: 0.3.0
>
>
> Given that “If we have hash collisions over our selector set, we will append integers
to the key starting with 0 until we no longer have collisions” if an attacker sees that
the hash key is one with integers on the end and the space for selectors is well defined (or
the attacker has a hunch about what the actually-selected selector space looks like) they
could feed either all or subsets of their probable-selector pool into the keyed hash function
given keys with lower integers and look for collisions. The higher the key has been incremented
the more leaks possible (it’s unlikely the same two selectors caused collisions with different
hash keys).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message