Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:96018
Return-Path: <nikita.ppv@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 85249 invoked from network); 16 Sep 2016 10:21:14 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 16 Sep 2016 10:21:14 -0000
Authentication-Results: pb1.pair.com smtp.mail=nikita.ppv@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=nikita.ppv@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.161.176 as permitted sender)
X-PHP-List-Original-Sender: nikita.ppv@gmail.com
X-Host-Fingerprint: 209.85.161.176 mail-yw0-f176.google.com  
Received: from [209.85.161.176] ([209.85.161.176:33224] helo=mail-yw0-f176.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id FF/0B-09226-F87CBD75 for <internals@lists.php.net>; Fri, 16 Sep 2016 06:21:03 -0400
Received: by mail-yw0-f176.google.com with SMTP id i129so85830872ywb.0
        for <internals@lists.php.net>; Fri, 16 Sep 2016 03:21:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc;
        bh=mQg2/pnBi6QGSS74gcY+D+cE1TU7ZIRdzeHYe4kDRf8=;
        b=i8J/CW6vULjOKvJfA5IZf7xyj/p1IXLG2xFzyzstAIlCPJ1Ll07j+7tWt0n5h0rDgN
         WuGFEf2+riYMS6lmkcv2FnAgTSaZFtWFxngI9mIvEbXIM+vp3/aqk1TY8/HhZQxx2VTy
         LWWXX97BoPTp0B3VxhTYORTfmxzlxrXVpfaa8BG7y7D/2VHeH7HSi0GzmjxCzho6LxEr
         kdxqR0Ztyh6TZlbLA3uPD/VTee1ZtSuSDfLoHmWDW/rxtl9OKTLkAvEe2U4ZYp5uXDqF
         q1uVAdR3CoAVn9kpaVD1h4q15ZuJaBYNac97iPwlb6UhJwXeMqWvoUb2mSf6aZ+bT+YH
         WlJw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc;
        bh=mQg2/pnBi6QGSS74gcY+D+cE1TU7ZIRdzeHYe4kDRf8=;
        b=lHY7WRgBr5dxNzaH9kGRcx5IpPky96/xSnC/5gieQfOy/P1MoJtqtmYArGD6MidyUu
         V8QROJe+GPJEQ9UTXgHdHqrh3DTaNQXaaqUHuMBGvU9hKGu9iGSdh9Mfj+K5WfNjubfS
         vGY9colrhSmr12HxUQA+/gPIzjEBLkZ+39yoIEeHGAHpyvn6QM7rCs/qq6gdHn8gdIK6
         uRLVnqIJwJ9DMxdlfX/GCxWLEyJ2ayb1t0tbelXo0cnOLyggD05sCrxUMZ5s2ek4kEKO
         /DDfkhA3BEfLFoKM9O3S/eby/8zf4pYUN3fCsWdzh4W2gqbkpBkzizpWt6DaTdsUvfYr
         luRQ==
X-Gm-Message-State: AE9vXwNr5sXSNYBQNgQHTALigS1pHbTafcluIlFOJMH9vUpIpta9t2EU0JvDxR+IjIS8szXPtlwTTHeAniOz8w==
X-Received: by 10.129.109.201 with SMTP id i192mr12871373ywc.4.1474021260494;
 Fri, 16 Sep 2016 03:21:00 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.13.215.139 with HTTP; Fri, 16 Sep 2016 03:20:59 -0700 (PDT)
In-Reply-To: <7d5727ba-da33-e3c5-1d1f-318c45d81616@cubiclesoft.com>
References: <CAKws9z2EWkNNhM7tOMh-_pQ3iLjVj7hbXTB1Hh3a19utPzj-9A@mail.gmail.com>
 <e741fec3-b301-647c-b24c-dec2fa92554c@gmail.com> <7d5727ba-da33-e3c5-1d1f-318c45d81616@cubiclesoft.com>
Date: Fri, 16 Sep 2016 12:20:59 +0200
Message-ID: <CAF+90c-nWJ7SBo1MwjL=87L925xAJAszm1Zq84shUR9Ax2xi1A@mail.gmail.com>
To: Thomas Hruska <thruska@cubiclesoft.com>
Cc: Stanislav Malyshev <smalyshev@gmail.com>, Scott Arciszewski <scott@paragonie.com>, 
	PHP Internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary=001a114e81d29f8cf9053c9d51d3
Subject: Re: [PHP-DEV] HashDoS
From: nikita.ppv@gmail.com (Nikita Popov)

--001a114e81d29f8cf9053c9d51d3
Content-Type: text/plain; charset=UTF-8

On Fri, Sep 16, 2016 at 7:59 AM, Thomas Hruska <thruska@cubiclesoft.com>
wrote:

> On 9/15/2016 5:20 PM, Stanislav Malyshev wrote:
>
>> Hi!
>>
>> On 9/15/16 11:48 AM, Scott Arciszewski wrote:
>>
>>> Would the Internals team be open to discussing mitigating HashDoS in a
>>> future version of PHP? i.e. everywhere, even for json_decode() and
>>> friends,
>>> by fixing the problem rather than capping the maximum number of input
>>> parameters and hoping it's good enough.
>>>
>>> I'd propose SipHash (and/or a derivative):
>>> https://www.131002.net/siphash/
>>>
>>
>> I am worries about performance. Base hash structure has to be *very*
>> fast. I have doubts that cryptographic function can perform at these
>> levels. Did you test what is performance of this function compared to
>> existing hash function?
>>
>
> If anyone wants a VERY rough estimate of relative performance degradation
> as a result of switching to SipHash, here's a somewhat naive C++
> implementation of a similar data structure to that found in PHP:
>
> https://github.com/cubiclesoft/cross-platform-cpp
>
> (See the "Hash performance benchmark" results at the above link.)
>
> In short, there's a significant degradation just switching from djb2 to
> SipHash depending on key type.  A similar effect would probably be seen in
> PHP.
>
> Randomizing the starting hash value for djb2 during the core startup
> sequence *could* also be effective for mitigating HashDoS.  Extensive
> testing would have to be done to determine how collision performance plays
> out with randomized starting hash values.  I can't find any arguments
> anywhere against using randomized starting hash values for djb2.  Also of
> note, the 33 multiplier seems more critical than anything else for mixing
> bits together.
>

Randomizing the starting hash value of DJB has come up in the previous
thread as well -- it sounds nice, but is turns out to be completely
ineffective, because DJB collisions (at least the standard class of
collisions ignoring overflow [1]) are independent of the starting hash
value.

Nikita

[1]:
http://www.phpinternalsbook.com/hashtables/hash_algorithm.html#hash-collisions

--001a114e81d29f8cf9053c9d51d3--