From: Dario Teixeira <darioteixeira@yahoo.com>
To: Gabriel Scherer <gabriel.scherer@gmail.com>,
David MENTRE <dmentre@linux-france.org>
Cc: Gerd Stolpmann <info@gerd-stolpmann.de>,
"Richard W.M. Jones" <rich@annexia.org>,
caml users <caml-list@inria.fr>
Subject: Re: [Caml-list] Hardening [Perl's] hash function further
Date: Tue, 19 Nov 2013 03:19:13 -0800 (PST) [thread overview]
Message-ID: <1384859953.62343.YahooMailNeo@web120403.mail.ne1.yahoo.com> (raw)
In-Reply-To: <CAPFanBGiuiYCe1Y8KKy+CB-P7xg6rkke0qU9CLpiB0xo89ziNQ@mail.gmail.com>
Hi,
> I've thought about this during the last debate on randomized hashing
> (which I think is now known to be ineffective, as implemented, to be
> secure), and I think a reasonable goal would be to use a balanced tree
> of buckets to a good worst-case, instead of fighting at the hash
> function level. As said at the time, this is what Core use, but I'm
> not sure what the bookkeeping overhead is against current hashtables.
> I hope it's possible to fight the constants to get something in the
> same performance ballpark.
Just to make sure we are all on the same page, allow me to summarise
the main points under discussion. I think we all agree on the following:
- Any hashtable implementation that uses a non-cryptographic hash function
and relies on an association list of buckets is vulnerable to attacks
that force the worst-case O(n) behaviour. Though you can buy some time
by tweaking the hash function, you are still stuck in an arms race with
attackers.
- Solution approach #1: switch to a cryptographic hash function. This
approach is simple and would solve the problem once and for all.
Unfortunately, the performance would be terrible (how much though?).
- Solution approach #2: keep the non-cryptographic hash function but use
a balanced tree for the buckets instead of an association list. This
should mitigate the worst-case scenario -- it would go from O(n) to
O(log n) -- and performance is most likely better than the first approach.
- Since this problem presents itself on limited domains, it seems unfair
to ask *all* applications to sacrifice performance to protect themselves
from non-existent attackers. Therefore, if the adopted solution does
indeed have a serious performance penalty, then it should be opt-in.
Did I miss something important? Anyway, it seems we are lacking actual
metrics to quantify the performance impact of the various approaches.
To complicate matters further, on some architectures but not on others
you may now or in the future have silicon that speeds up the calculation
of cryptographic hash functions...
Best regards,
Dario Teixeira
next prev parent reply other threads:[~2013-11-19 11:19 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-18 20:44 Richard W.M. Jones
2013-11-19 0:08 ` Gerd Stolpmann
2013-11-19 7:53 ` David MENTRE
2013-11-19 8:50 ` Richard W.M. Jones
2013-11-19 9:14 ` Gabriel Scherer
2013-11-19 11:19 ` Dario Teixeira [this message]
2013-11-19 12:55 ` rixed
2013-11-19 22:18 ` Nicolas Braud-Santoni
2013-11-19 22:39 ` Eric Cooper
2013-11-19 22:55 ` Nicolas Braud-Santoni
2013-11-25 13:46 ` Goswin von Brederlow
2013-11-19 22:31 ` Nicolas Braud-Santoni
2013-11-20 18:56 ` Florian Weimer
2013-11-20 21:47 ` Gerd Stolpmann
2013-11-25 13:51 ` Goswin von Brederlow
2013-11-25 14:43 ` Yaron Minsky
2013-11-19 22:15 ` Nicolas Braud-Santoni
2013-11-25 13:38 ` Goswin von Brederlow
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1384859953.62343.YahooMailNeo@web120403.mail.ne1.yahoo.com \
--to=darioteixeira@yahoo.com \
--cc=caml-list@inria.fr \
--cc=dmentre@linux-france.org \
--cc=gabriel.scherer@gmail.com \
--cc=info@gerd-stolpmann.de \
--cc=rich@annexia.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox