← Back to index | Original Bugzilla link

Bug 7179 – Hash algorithm vulnerable to algorithmic complexity attacks

Status
NEW
Severity
critical
Priority
P2
Component
druntime
Product
D
Version
D2
Platform
Other
OS
All
Creation time
2011-12-28T22:24:41Z
Last change time
2024-12-07T13:31:44Z
Keywords
bootcamp
Assigned to
No Owner
Creator
Walter Bright
Moved to GitHub: dmd#17116 →

Comments

Comment #0 by bugzilla — 2011-12-28T22:24:41Z
http://www.cs.rice.edu/~scrosby/hash/CrosbyWallach_UsenixSec2003.pdf The hash functions used in the associative array implementation have a worst case performance of O(n*n). This can be exploited to produce denial-of-service attacks on a web service using these hash functions. The paper suggests ways to mitigate it.
Comment #1 by bugzilla — 2011-12-28T22:25:42Z
More info: http://news.ycombinator.com/item?id=3401900
Comment #2 by bugzilla — 2011-12-29T13:38:03Z
http://developers.slashdot.org/story/11/12/29/1352219/microsoft-issuing-unusual-out-of-band-security-update
Comment #3 by dfj1esp02 — 2016-10-17T17:13:43Z
*** Issue 14414 has been marked as a duplicate of this issue. ***
Comment #4 by dfj1esp02 — 2016-10-17T17:14:53Z
See issue 14414, maybe setting a seed is enough?
Comment #5 by robert.schadek — 2024-12-07T13:31:44Z
THIS ISSUE HAS BEEN MOVED TO GITHUB https://github.com/dlang/dmd/issues/17116 DO NOT COMMENT HERE ANYMORE, NOBODY WILL SEE IT, THIS ISSUE HAS BEEN MOVED TO GITHUB