Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:58993
Return-Path: <tjerk.meesters@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 79195 invoked from network); 18 Mar 2012 05:56:36 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 18 Mar 2012 05:56:36 -0000
Authentication-Results: pb1.pair.com header.from=tjerk.meesters@gmail.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=tjerk.meesters@gmail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.161.170 as permitted sender)
X-PHP-List-Original-Sender: tjerk.meesters@gmail.com
X-Host-Fingerprint: 209.85.161.170 mail-gx0-f170.google.com  
Received: from [209.85.161.170] ([209.85.161.170:48075] helo=mail-gx0-f170.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 9B/21-63274-419756F4 for <internals@lists.php.net>; Sun, 18 Mar 2012 00:56:36 -0500
Received: by ggmb2 with SMTP id b2so5682247ggm.29
        for <internals@lists.php.net>; Sat, 17 Mar 2012 22:56:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:sender:in-reply-to:references:date
         :x-google-sender-auth:message-id:subject:from:to:cc:content-type;
        bh=+OUhuCltpM1eiX+EnZxRrqzYzO7gpofLPwDIkcgU2qc=;
        b=PGxs6seLYV/flJHoA6smLzeMjEU3OxsZrkOoFOALkVbrp35n906oRcELXfkA3Zxw0z
         yhFHq/T3JOZVVRA+GujUCzU2ANdc/MbJ+H4Wya3VSPzWAvsgMZONIfEIhJ71ToeEoX/j
         Lqpuw3k5B3I+V9pEQHRqe1YbIovPVImQXyoNs18sK+Z1fnDQYSM8xxy3gco5irVj8hAJ
         K2EseLZYMBHIF3qOtkJVGjT4wlmmrwtNpoJJj6CfyIC1TUHMlKB6E+lzP5wchovHniD8
         9UaU+N2U6NYnGkF46cEmrSvIxVvtc0hzH+FdbfsVCukNT8t/BFEiLRSnX/0hMCcz5o2Q
         ou7w==
MIME-Version: 1.0
Received: by 10.236.184.8 with SMTP id r8mr8090374yhm.110.1332050193283; Sat,
 17 Mar 2012 22:56:33 -0700 (PDT)
Sender: tjerk.meesters@gmail.com
Received: by 10.147.146.6 with HTTP; Sat, 17 Mar 2012 22:56:33 -0700 (PDT)
In-Reply-To: <4F652868.7070901@sugarcrm.com>
References: <CAJWj5+HwwLCzc2QXkYgTba+6CT5Liae3ZG2TrCThqx+C6mkS8A@mail.gmail.com>
	<CAJWj5+HPtUTnmqC83AasB8SqaPBBY98sEivBjDrwkaMMfjzuZA@mail.gmail.com>
	<4F65267D.3040005@googlemail.com>
	<4F652868.7070901@sugarcrm.com>
Date: Sun, 18 Mar 2012 13:56:33 +0800
X-Google-Sender-Auth: RXaSY5p9BAulQH-8q_Lv0Y0wsKk
Message-ID: <CAHMUw2H3MrN_1kgqyL++FYp-F8y2W1GGNsgBqrNMzfvL4E15gg@mail.gmail.com>
To: Stas Malyshev <smalyshev@sugarcrm.com>
Cc: Sam <sam.e.giles@gmail.com>, 
	"internals@lists.php.net" <internals@lists.php.net>
Content-Type: text/plain; charset=ISO-8859-1
Subject: Re: [PHP-DEV] Randomize hash-function in php
From: datibbaw@php.net (Tjerk Anne Meesters)

On Sun, Mar 18, 2012 at 8:12 AM, Stas Malyshev <smalyshev@sugarcrm.com> wrote:
> Obvious solution would be to use a salt for the hash, which prevents blind
> pre-computing of hash collisions. However, due to the fact that PHP hash
> values can be reused in different processes by bytecode caches, implementing
> it properly is not trivial.

What if php uses salts for specific hashes only, such as GPC (or all
hashes whose lifetime is limited to the current reuqest), and use a
zero-value salt for all others?