Newsgroups: php.internals
Date: Thu, 5 Jan 2012 16:24:07 +0800
From: laruence@php.net (Laruence)
To: Rasmus Lerdorf
Cc: Stas Malyshev, "internals@lists.php.net"
Subject: Re: [PHP-DEV] Re: another fix for max_input_vars.

On Thu, Jan 5, 2012 at 4:11 PM, Laruence wrote:
> On Thu, Jan 5, 2012 at 4:04 PM, Laruence wrote:
>> On Thu, Jan 5, 2012 at 3:57 PM, Rasmus Lerdorf wrote:
>>> On 01/04/2012 11:49 PM, Laruence wrote:
>>>> Hi:
>>>>   there is one way maybe is a good try.
>>>>
>>>>   when resize hashtable, we don't just double the size, instead, we
>>>> increase the hashtable size with a random delta
>>>>
>>>>  what do you think?
>>>
>>> Sorry, you lost me. How does that help? The problem is when we collide
>>> on a single hash key the resulting linked list traversal gets longer
>>> and longer as more colliding keys are added to that hashtable. Whether
>>> you double the size or grow it by some other factor doesn't change this.
>> No, No,
>>
>> if we increase the table size with a random delta (the nTableMask will
>> also be random), then the collision will not be predictable.
>
> I have made a patch, plz try this mechanism,
> https://bugs.php.net/patch-display.php?bug_id=60655&patch=rand_hash_resize.patch&revision=latest
>
> I have tested, that works.
>
> and the patch is still a rough draft, so maybe some compile warnings..

the key point is, increase the table size in a random delta (2 * size
+ (random_num & size_mask));

at the same time use mod(%) instead of and(&) while doing the index mapping.

then the attacker will not be able to predict the collision ;)

thanks.
>
> thanks
>>
>> thanks
>>
>>>
>>> -Rasmus
>>>
>>
>> --
>> Laruence  Xinchen Hui
>> http://www.laruence.com/
>
> --
> Laruence  Xinchen Hui
> http://www.laruence.com/

-- 
Laruence  Xinchen Hui
http://www.laruence.com/
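
Added example (not part of the message, the linked patch, or PHP's source): a small C program that measures the longest bucket chain under the `&` mapping and under the `%` mapping with the resize rule quoted in the message. It assumes size_mask means size - 1; the function names and hash values are constructed for illustration, and the third case shows that keys with identical full hash values still share a bucket whatever the table size.

```c
#include <stdio.h>
#include <stdlib.h>

#define NKEYS 64

/* Longest bucket chain for nkeys hash values in a table of `size` slots.
 * use_mod = 0: index = h & (size - 1)  (power-of-two table)
 * use_mod = 1: index = h % size        (mapping proposed in the message) */
unsigned longest_chain(const unsigned long *h, unsigned nkeys,
                       unsigned long size, int use_mod)
{
    unsigned *count = calloc(size, sizeof *count);
    unsigned worst = 0;
    if (!count) return 0;
    for (unsigned i = 0; i < nkeys; i++) {
        unsigned long idx = use_mod ? h[i] % size : (h[i] & (size - 1));
        if (++count[idx] > worst) worst = count[idx];
    }
    free(count);
    return worst;
}

/* Resize rule from the message: 2 * size + (random_num & size_mask).
 * Assumption: size_mask is size - 1. */
unsigned long grow(unsigned long size, unsigned long random_num)
{
    return 2 * size + (random_num & (size - 1));
}

/* Constructed input: multiples of step, or one repeated value if step == 0. */
void fill(unsigned long *h, unsigned nkeys, unsigned long step)
{
    for (unsigned i = 0; i < nkeys; i++) h[i] = step ? i * step : 0x1234UL;
}

int main(void)
{
    unsigned long h[NKEYS];
    unsigned long sz = grow(64, 37);   /* 37 is a constructed "random" value */

    fill(h, NKEYS, 128);               /* every value has the same low 7 bits */
    printf("size 128, &: %u\n", longest_chain(h, NKEYS, 128, 0));
    printf("size %lu, %%: %u\n", sz, longest_chain(h, NKEYS, sz, 1));

    fill(h, NKEYS, 0);                 /* identical full hash values */
    printf("equal hashes, %%: %u\n", longest_chain(h, NKEYS, sz, 1));
    return 0;
}
```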