[Python-Dev] Status of the fix for the hash collision vulnerability
Frank Sievertsen
pydev at sievertsen.de
Fri Jan 13 09:11:47 CET 2012
Am 13.01.2012 02:24, schrieb Victor Stinner:
> My patch doesn't fix the DoS, it just make the attack more complex.
> The attacker cannot pregenerate data for an attack: (s)he has first to
> compute the hash secret, and then compute hash collisions using the
> secret. The hash secret is a least 64 bits long (128 bits on a 64 bit
> system). So I hope that computing collisions requires a lot of CPU
> time (is slow) to make the attack ineffective with today computers.
Unfortunately it requires only a few seconds to compute enough 32bit
collisions on one core with no precomputed data. I'm sure it's possible
to make this less than a second.
In fact, since hash(X) == hash(Y) is independent of the suffix [ hash(X)
^ suffix == hash(Y) ^ suffix ], a lot of precomputation (from the tail)
is possible.
So the question is: How difficult is it to guess the seed?
Frank
More information about the Python-Dev
mailing list