[issue13703] Hash collision security issue
Terry J. Reedy
report at bugs.python.org
Thu Jan 19 02:15:25 CET 2012
Terry J. Reedy <tjreedy at udel.edu> added the comment:
> You mean as a fix or that they successfully attacked a collision-counting
> system?
Successful anticipation and blocking of hash attack: after a chain of
100 DNS 'treats the request as a cache miss'. What is somewhat special
for this app is being able to bail at that point. Crosby & Wallach still
think 'his fix could be improved', I presume by using one of their
recommended hashes.
http://www.cs.rice.edu/~scrosby/hash/CrosbyWallach_UsenixSec2003.pdf
section 3.2, DJB DNS server; section 5, fixes
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue13703>
_______________________________________
More information about the Python-bugs-list
mailing list