pirk-commits mailing list archives

From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (PIRK-74) Information leakage through predictable failed hash keys
Date Wed, 26 Oct 2016 17:43:58 GMT

    [ https://issues.apache.org/jira/browse/PIRK-74?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15609135#comment-15609135 ]

ASF GitHub Bot commented on PIRK-74:

GitHub user ellisonanne commented on the issue:

    Will wait a couple of days before merging to see if anyone else has comments

> Information leakage through predictable failed hash keys
> --------------------------------------------------------
>                 Key: PIRK-74
>                 URL: https://issues.apache.org/jira/browse/PIRK-74
>             Project: PIRK
>          Issue Type: Bug
>            Reporter: Jacob Wilder
>            Assignee: Jacob Wilder
>              Labels: security
>
> Given that “If we have hash collisions over our selector set, we will append integers
> to the key starting with 0 until we no longer have collisions” if an attacker sees that
> the hash key is one with integers on the end and the space for selectors is well defined (or
> the attacker has a hunch about what the actually-selected selector space looks like) they
> could feed either all or subsets of their probable-selector pool into the keyed hash function
> given keys with lower integers and look for collisions. The higher the key has been incremented
> the more leaks possible (it’s unlikely the same two selectors caused collisions with different
> hash keys).

This message was sent by Atlassian JIRA
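
The leak described in the quoted issue can be measured on a toy model. The following is an added example, not code from the Pirk project or from this thread: it compares how many candidate selector pairs remain possible once the final key is known, under the integer-suffix scheme and under a scheme that draws an unrelated random key after each collision. The truncated HMAC-SHA256 stand-in hash, the 3-bit output, the selector pool, the base key and the fresh-key alternative are all assumptions made for the illustration.

```python
import hashlib, hmac, secrets
from itertools import combinations

HASH_BITS = 3  # constructed: tiny output so collisions are frequent

def keyed_hash(key, selector, bits=HASH_BITS):
    """Stand-in keyed hash (truncated HMAC-SHA256), not Pirk's own function."""
    mac = hmac.new(key.encode(), selector.encode(), hashlib.sha256).digest()
    return int.from_bytes(mac[:4], "big") % (1 << bits)

def has_collision(key, selectors):
    hashes = {keyed_hash(key, s) for s in selectors}
    return len(hashes) < len(selectors)

def pick_key_with_suffix(base, selectors):
    """Behaviour quoted in the issue: append 0, 1, 2, ... until collision-free."""
    key, n = base, 0
    while has_collision(key, selectors):
        key, n = f"{base}{n}", n + 1
    return key

def pick_key_fresh(selectors):
    """Assumed alternative: draw an unrelated random key after each collision."""
    while True:
        key = secrets.token_hex(16)
        if not has_collision(key, selectors):
            return key

def surviving_candidates(base, observed_key, pool, k=2):
    """Candidate k-subsets of `pool` still possible after seeing the key.

    Returns (suffix_scheme, fresh_scheme). With suffixes a subset must yield
    the exact key, so it must also have collided under every lower suffix;
    a fresh key only rules out subsets that collide under that key.
    """
    subsets = list(combinations(pool, k))
    suffix = [c for c in subsets if pick_key_with_suffix(base, c) == observed_key]
    fresh = [c for c in subsets if not has_collision(observed_key, c)]
    return suffix, fresh

# Constructed demo data: 10 selectors into 8 buckets, so some pair must collide.
POOL = [f"user{i}@example.org" for i in range(10)]
BASE = "demo-key"  # hypothetical base key
SECRET = next(p for p in combinations(POOL, 2) if has_collision(BASE, p))
OBSERVED = pick_key_with_suffix(BASE, SECRET)

if __name__ == "__main__":
    suffix, fresh = surviving_candidates(BASE, OBSERVED, POOL)
    print(f"key={OBSERVED!r}: {len(suffix)} of {len(fresh)} candidate pairs remain")
```

Every pair that survives under the suffix scheme collided under the base key, which is the information the incremented key gives away; the fresh-key column shows what any collision-free key reveals regardless of how it was chosen.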
