Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:79892 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 72849 invoked from network); 23 Dec 2014 20:13:27 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 23 Dec 2014 20:13:27 -0000 Authentication-Results: pb1.pair.com smtp.mail=yohgaki@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=yohgaki@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.223.180 as permitted sender) X-PHP-List-Original-Sender: yohgaki@gmail.com X-Host-Fingerprint: 209.85.223.180 mail-ie0-f180.google.com Received: from [209.85.223.180] ([209.85.223.180:60580] helo=mail-ie0-f180.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 27/E0-01814-6ECC9945 for ; Tue, 23 Dec 2014 15:13:27 -0500 Received: by mail-ie0-f180.google.com with SMTP id rp18so6634139iec.11 for ; Tue, 23 Dec 2014 12:13:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-type; bh=z1U7Bd3iyMk8G4PYyTdbTWNssjBEB5ZG+HR3jAlgrAE=; b=LwOyri/ArUsE13iIw9RplMIBlevbnPOtoNOUlTW6xN1L1xPynybeMvMZ9LOXE2HvOp FN3igGbjAYuiqEVYbJXbgS5YM9pjZ8P6SrOtJ1/jIPYXYKp6AAf6d7IT3EdgbgzhEuj4 pj39HFro7b/XRJxantV/lhHNb79Eo3fYUumA+xX48xeAjjdYAyPhd4t8HWxAWartY/LR MRZfxo6nD8k7PUJEqSkO2tqLqZc40XQfK70OxS9J+R/rXFocyzvhtVdbUlww8TdldPU6 tz3lZ38kRErIZ+n0GSXvriHShrTNBzXBvXr3S4F9BQ+LR/eVpymwAt4abTr0aWYBYrGW WBzQ== X-Received: by 10.107.129.80 with SMTP id c77mr26588980iod.92.1419365604087; Tue, 23 Dec 2014 12:13:24 -0800 (PST) MIME-Version: 1.0 Sender: yohgaki@gmail.com Received: by 10.107.164.217 with HTTP; Tue, 23 Dec 2014 12:12:42 -0800 (PST) In-Reply-To: References: Date: Wed, 24 Dec 2014 05:12:42 +0900 X-Google-Sender-Auth: MQ9dJVve4iE5-6p94uR_BhNv5KU Message-ID: To: Pierre Joye Cc: Scott Arciszewski , PHP internals Content-Type: multipart/alternative; boundary=001a113f9b4ea36ce1050ae7cea9 Subject: Re: [PHP-DEV] JSON HASHDOS From: yohgaki@ohgaki.net (Yasuo Ohgaki) --001a113f9b4ea36ce1050ae7cea9 Content-Type: text/plain; charset=UTF-8 Hi, On Wed, Dec 24, 2014 at 4:51 AM, Pierre Joye wrote: > This issue has been reported earlier on security@php.net and is being > discussed and analyzed. It is not a simple task. > If we are not going to use other hash (i.e. half MD4 like other langs), how about add max allowed collisions? It would be simple and fast enough. I'm not looking at the code, so I could be wrong. Regards, -- Yasuo Ohgaki yohgaki@ohgaki.net --001a113f9b4ea36ce1050ae7cea9--