Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Randomize hashes of strings (DoS vulnerability) #2817

Closed
oprypin opened this issue Jun 12, 2016 · 5 comments · Fixed by #4946
Closed

Randomize hashes of strings (DoS vulnerability) #2817

oprypin opened this issue Jun 12, 2016 · 5 comments · Fixed by #4946
Labels
kind:feature topic:stdlib:crypto topic:stdlib
Milestone
0.24.0

Comments

@oprypin
Copy link
Member

oprypin commented Jun 12, 2016

Explanation, taken from Python

By default, the __hash__() values of str, bytes and datetime objects are “salted” with an unpredictable random value. Although they remain constant within an individual Python process, they are not predictable between repeated invocations of Python.

This is intended to provide protection against a denial-of-service caused by carefully-chosen inputs that exploit the worst case performance of a dict insertion, O(n^2) complexity. See http://www.ocert.org/advisories/ocert-2011-003.html for details.

See also PYTHONHASHSEED.

In the linked document, it can be seen that Ruby and many other programming languages had this vulnerability fixed.

$ echo '2.times { p "a".hash }' | ruby
2546372741366295617
2546372741366295617
$ echo '2.times { p "a".hash }' | ruby
-3656422326255655719
-3656422326255655719
$ echo '2.times { p "a".hash }' | crystal eval
97
97
$ echo '2.times { p "a".hash }' | crystal eval
97
97

A similar change should probably be introduced to Crystal.
@will
Copy link
Contributor

will commented Jun 17, 2016

An alternative is to use djb's crit-bit trees https://cr.yp.to/critbit.html

From the "Putting crit-bit trees to work" section:

A hash table supports insertion, deletion, and exact searches. A crit-bit tree supports insertion, deletion, exact searches, and ordered operations such as finding the minimum. Another advantage is that a crit-bit tree guarantees good performance: it doesn't have any tricky slowdowns for unusual (or malicious) data.

@faustinoaq
Copy link
Contributor

@spalladino This issue Ain't better in topic:security since could be a vulnerability

@ysbaddaden
Copy link
Contributor

Granted.

@akzhan
Copy link
Contributor

akzhan commented May 31, 2017
edited
Loading

Crystal String.hash uses algorithm that vulnerable to hashDoS.

Ruby and Rust uses Siphash.

Perl 5.26 just released with good improvement:

We have switched to a hybrid hash function to better balance performance for short and long keys.

For short keys, 16 bytes and under, we use an optimised variant of One At A Time Hard, and for longer keys we use Siphash 1-3. For very long keys this is a big improvement in performance. For shorter keys there is a modest improvement.

@akzhan akzhan mentioned this issue Jun 13, 2017
Closed
@vladfaust
Copy link
Contributor

No 1.0 unless it's fixed?

@Fryguy Fryguy mentioned this issue Aug 24, 2017
Closed
@asterite asterite mentioned this issue Sep 10, 2017
Merged
@asterite asterite added this to the Next milestone Sep 17, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind:feature topic:stdlib:crypto topic:stdlib
Projects
None yet
Milestone
0.24.0
Development

Successfully merging a pull request may close this issue.

Introduce Crystal::Hasher for computing a hash value
8 participants
@will @ysbaddaden @akzhan @jhass @asterite @oprypin @faustinoaq @vladfaust