Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:57311 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 85961 invoked from network); 9 Jan 2012 19:01:17 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 9 Jan 2012 19:01:17 -0000 Authentication-Results: pb1.pair.com header.from=johncrenshaw@priacta.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=johncrenshaw@priacta.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain priacta.com designates 64.95.72.244 as permitted sender) X-PHP-List-Original-Sender: johncrenshaw@priacta.com X-Host-Fingerprint: 64.95.72.244 mxout.myoutlookonline.com Received: from [64.95.72.244] ([64.95.72.244:23047] helo=mxout.myoutlookonline.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 0F/58-46289-B793B0F4 for ; Mon, 09 Jan 2012 14:01:16 -0500 Received: from mxout.myoutlookonline.com (localhost [127.0.0.1]) by mxout.myoutlookonline.com (Postfix) with ESMTP id AEEB6416EDB; Mon, 9 Jan 2012 14:01:12 -0500 (EST) X-Virus-Scanned: by SpamTitan at mail.lan Received: from HUB023.mail.lan (unknown [10.110.2.1]) by mxout.myoutlookonline.com (Postfix) with ESMTP id 304F3416FCD; Mon, 9 Jan 2012 14:01:09 -0500 (EST) Received: from MAILR001.mail.lan ([10.110.18.27]) by HUB023.mail.lan ([10.110.17.23]) with mapi; Mon, 9 Jan 2012 13:59:59 -0500 To: Nikita Popov , Xinchen Hui CC: Pierre Joye , PHP internals , =?iso-8859-1?Q?Johannes_Schl=FCter?= , Laruence Date: Mon, 9 Jan 2012 14:00:16 -0500 Thread-Topic: [PHP-DEV] Re: 5.3.9, Hash DoS, release Thread-Index: AczO73xE1C0cVEnzRD2i5rklHa90sAADQ+Uw Message-ID: References: <6268389813742875794@unknownmsgid> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: RE: [PHP-DEV] Re: 5.3.9, Hash DoS, release From: johncrenshaw@priacta.com (John Crenshaw) > -----Original Message----- > From: Nikita Popov [mailto:nikita.ppv@googlemail.com]=20 > Sent: Monday, January 09, 2012 11:54 AM > To: Xinchen Hui > Cc: Pierre Joye; PHP internals; Johannes Schl=FCter; Laruence > Subject: Re: [PHP-DEV] Re: 5.3.9, Hash DoS, release > > On Mon, Jan 9, 2012 at 5:36 PM, Xinchen Hui wrote: > > Hi: > > =A0 I have a new idea, which is simple and also works for Jason/seriali= zed etc. > > > > =A0That is Restricting a max length of a buckets list in a hash table. > > > > =A0 If a bucket's length exceed 1024, any insertion into this bucket=20 > > will return failure and a warning will be generated. > > > > =A0 What do you think? > > That seems like a very good approach (until we have randomization). It wo= uld > fix the issue in a generic way so not all functions need to be patched on= e by > one. It also will not hurt legit uses of many POST variables (or large > serialized arrays). > > -- > PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visi= t: http://www.php.net/unsub.php Yuck. Bad idea. Collisions happen, and for most hash algorithms there are p= lenty of perfectly likely key sequences that will collide badly. There are two problems here: 1. Large data sets have the potential to behave poorly if things collide ba= dly 2. An attacker may initiate a DoS attack by supplying a large set of data t= hat is known to collide badly To mitigate the impact of collisions, how about using a dynamic bucket beha= vior? Use a flat list for small/medium buckets, switch to a second level of= hashing if the bucket grows beyond a certain size. Something like md5 coul= d be used as part of the hash key calculation at deeper levels to ensure th= at the buckets don't infinitely collide. This covers the basic performance = implications. To prevent DoS, it has to be impossible for a malicious user to compute a p= roblematic sequence of data. If the bucket level key computation includes a= n additional cryptographic transformation of any sort using a secret value = unique to the machine (or unique to the process) that is handling the reque= st, it would be impossible for an attacker to compute a problematic sequenc= e of keys, which should close the door on DoS. John Crenshaw Priacta, Inc.