D issues are now tracked on GitHub. This Bugzilla instance remains as a read-only archive.
Issue 7179 - Hash algorithm vulnerable to algorithmic complexity attacks
Summary: Hash algorithm vulnerable to algorithmic complexity attacks
Status: NEW
Alias: None
Product: D
Classification: Unclassified
Component: druntime (show other issues)
Version: D2
Hardware: Other All
: P2 critical
Assignee: No Owner
URL:
Keywords: bootcamp
: 14414 (view as issue list)
Depends on:
Blocks:
 
Reported: 2011-12-28 22:24 UTC by Walter Bright
Modified: 2024-12-07 13:31 UTC (History)
3 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.
Description Walter Bright 2011-12-28 22:24:41 UTC 
http://www.cs.rice.edu/~scrosby/hash/CrosbyWallach_UsenixSec2003.pdf

The hash functions used in the associative array implementation have a worst case performance of O(n*n). This can be exploited to produce denial-of-service attacks on a web service using these hash functions. The paper suggests ways to mitigate it.
Comment 1 Walter Bright 2011-12-28 22:25:42 UTC 
More info: http://news.ycombinator.com/item?id=3401900
Comment 3 anonymous4 2016-10-17 17:13:43 UTC 
*** Issue 14414 has been marked as a duplicate of this issue. ***
Comment 4 anonymous4 2016-10-17 17:14:53 UTC 
See issue 14414, maybe setting a seed is enough?
Comment 5 dlangBugzillaToGithub 2024-12-07 13:31:44 UTC 
THIS ISSUE HAS BEEN MOVED TO GITHUB

https://github.com/dlang/dmd/issues/17116

DO NOT COMMENT HERE ANYMORE, NOBODY WILL SEE IT, THIS ISSUE HAS BEEN MOVED TO GITHUB