pirk-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (PIRK-74) Information leakage through predictable failed hash keys
Date Thu, 20 Oct 2016 19:20:58 GMT

    [ https://issues.apache.org/jira/browse/PIRK-74?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15592727#comment-15592727
] 

ASF GitHub Bot commented on PIRK-74:
------------------------------------

Github user tellison commented on the issue:

    https://github.com/apache/incubator-pirk/pull/111
  
    Ripe for a test case then!


> Information leakage through predictable failed hash keys
> --------------------------------------------------------
>
>                 Key: PIRK-74
>                 URL: https://issues.apache.org/jira/browse/PIRK-74
>             Project: PIRK
>          Issue Type: Bug
>            Reporter: Jacob Wilder
>            Assignee: Jacob Wilder
>              Labels: security
>
> Given that “If we have hash collisions over our selector set, we will append integers
to the key starting with 0 until we no longer have collisions” if an attacker sees that
the hash key is one with integers on the end and the space for selectors is well defined (or
the attacker has a hunch about what the actually-selected selector space looks like) they
could feed either all or subsets of their probable-selector pool into the keyed hash function
given keys with lower integers and look for collisions. The higher the key has been incremented
the more leaks possible (it’s unlikely the same two selectors caused collisions with different
hash keys).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message