Newsgroups: php.internals
From: nikita.ppv@gmail.com (Nikita Popov)
Date: Sun, 29 Nov 2015 12:44:36 +0100
Subject: Re: HashDos protection
To: Pascal KISSIAN
Cc: PHP internals

On Sat, Nov 28, 2015 at 12:02 PM, Pascal KISSIAN wrote:

> Sorry Nikita,
>
> I didn’t fully read your 1st message because it was speaking on changing
> hash algo…, and I’ve been a bit lazy on that…
>
> However, I only have thought about a minor change introducing a salt.
>
> In the zend_inline_hash_func , hash is initialized with Z_UL(5381) … what
> about just adding a salt value to this number, this would not make any
> performance issue.
>

Collisions in DJBX33A are (integer overflow notwithstanding) completely
independent of the starting value, so randomizing it wouldn't help. If
you're interested in how DJB collisions are constructed, see
http://www.phpinternalsbook.com/hashtables/hash_algorithm.html#hash-collisions
.

> For hashing integers, why just not adding a salt value also… and no
> performance issue….
>

Similarly, this would not have any effect either. We reduce hashes using an
equivalent of hash % table_size, which is the same as (hash + N *
table_size) % table_size for any N. If you simply add an additional number
to it, the same relation still holds: (hash + salt) % table_size == (hash +
salt + N * table_size) % table_size, so elements that collided previously
still collide.

> For storing the salt, if you choose to have one different random value
> for each hash table, it would not be a problem for arrays living in
> opcache SHM…
>

Randomizing the string hashing function would however prevent caching the
hash in the zend_string structure.

Nikita
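
The two points made in the reply above, checked in C as an added example that is not part of the original message or of PHP's source. The `seed` and `salt` parameters, the function names and the sample keys are constructed for illustration, and the table size is assumed to be a power of two.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified DJBX33A: h = h * 33 + byte. The seed parameter is hypothetical;
 * the thread gives 5381 as the fixed start value in zend_inline_hash_func. */
static uint64_t djbx33a(const char *s, uint64_t seed)
{
    uint64_t h = seed;
    for (; *s; s++)
        h = h * 33 + (unsigned char)*s;
    return h;
}

/* Next pseudo-random test value (64-bit LCG, only used to vary seeds/salts). */
static uint64_t next_rand(uint64_t x)
{
    return x * 6364136223846793005ULL + 1442695040888963407ULL;
}

/* 1 if a and b produce the same hash under every start value tried. */
int collide_for_all_seeds(const char *a, const char *b, unsigned trials)
{
    uint64_t seed = 5381;
    for (unsigned i = 0; i < trials; i++, seed = next_rand(seed))
        if (djbx33a(a, seed) != djbx33a(b, seed))
            return 0;
    return 1;
}

/* 1 if key and key + n * table_size share a bucket under every additive
 * salt tried. table_size is assumed to be a power of two. */
int ints_collide_for_all_salts(uint64_t key, uint64_t n, uint64_t table_size,
                               unsigned trials)
{
    uint64_t other = key + n * table_size, salt = 0;
    for (unsigned i = 0; i < trials; i++, salt = next_rand(salt))
        if ((key + salt) % table_size != (other + salt) % table_size)
            return 0;
    return 1;
}

int main(void)
{
    /* Constructed sample keys: 'E'*33+'z' == 'F'*33+'Y' == 2399. */
    printf("Ez/FY, any seed:     %d\n", collide_for_all_seeds("Ez", "FY", 1000));
    printf("EzFY/FYEz, any seed: %d\n", collide_for_all_seeds("EzFY", "FYEz", 1000));
    printf("5 vs 5+3*1024, any salt: %d\n", ints_collide_for_all_salts(5, 3, 1024, 1000));
    return 0;
}
```

For equal-length strings the start value contributes the same term, seed * 33^len, to both hashes, which is why it cancels out of the comparison.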