Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:96126 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 76698 invoked from network); 23 Sep 2016 22:18:36 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 23 Sep 2016 22:18:36 -0000 Authentication-Results: pb1.pair.com header.from=fsb@thefsb.org; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=fsb@thefsb.org; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain thefsb.org designates 173.203.187.115 as permitted sender) X-PHP-List-Original-Sender: fsb@thefsb.org X-Host-Fingerprint: 173.203.187.115 smtp115.iad3a.emailsrvr.com Received: from [173.203.187.115] ([173.203.187.115:43527] helo=smtp115.iad3a.emailsrvr.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 3C/F4-51000-A3AA5E75 for ; Fri, 23 Sep 2016 18:18:36 -0400 Received: from smtp15.relay.iad3a.emailsrvr.com (localhost [127.0.0.1]) by smtp15.relay.iad3a.emailsrvr.com (SMTP Server) with ESMTP id 730C420303; Fri, 23 Sep 2016 18:18:31 -0400 (EDT) X-Auth-ID: fsb@thefsb.org Received: by smtp15.relay.iad3a.emailsrvr.com (Authenticated sender: fsb-AT-thefsb.org) with ESMTPSA id 5B45720221; Fri, 23 Sep 2016 18:18:31 -0400 (EDT) X-Sender-Id: fsb@thefsb.org Received: from yossy.local (c-66-30-62-12.hsd1.ma.comcast.net [66.30.62.12]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA) by 0.0.0.0:587 (trex/5.7.7); Fri, 23 Sep 2016 18:18:31 -0400 To: Rowan Collins References: <7d5727ba-da33-e3c5-1d1f-318c45d81616@cubiclesoft.com> <9522ebc9-8d8b-045e-b701-02f1166063e6@gmail.com> <40868951-8BDA-4860-884C-B8252C1839E3@gmail.com> <88433a67-3121-bacb-5db4-89c337914c5b@gmail.com> <5AF206DB-730A-4B03-8D5D-B7C46029AD1A@gmail.com> Cc: PHP Internals Message-ID: <0d8fd604-4eb8-8edb-3b89-d316afd3cb92@thefsb.org> Date: Fri, 23 Sep 2016 18:18:15 -0400 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:45.0) Gecko/20100101 Thunderbird/45.2.0 MIME-Version: 1.0 In-Reply-To: <5AF206DB-730A-4B03-8D5D-B7C46029AD1A@gmail.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [PHP-DEV] HashDoS From: fsb@thefsb.org (Tom Worster) On 9/22/16 3:46 AM, Rowan Collins wrote: > I think I'm right in saying that the power of the attack comes in the fact that the total time doesn't scale linearly but exponentially. quadratic is what i read in the previous thread, iirc. even so, it's still a useful gain. > That doesn't exactly answer the question of whether 1000 is the right value, of course. it's the parameter for what's in effect a statistical hypothesis test for randomness, built on the assumption that key patterns that are not hostile are quasi-random and those that are not random are hostile. 1000 seems large if testing randomness, were that the only consideration. but i guess there is a concern that, in some cases, legitimate use could have key patterns with regularities that lead to accumulation in some bins. so it should work, to a useful extent, if there is a parameter value - low enough to give a worthwhile degree of dos attack protection - high enough to false positive only for benign patterns that would in any case cause terrible performance degradation tom