[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: Interning strings considered harmful (somewhat)
- From: Tony Finch <dot@...>
- Date: Sun, 25 Oct 2009 22:00:45 +0000
On Sun, 25 Oct 2009, Florian Weimer wrote:
> I'm a bit worried by this, and the impact on programs which process
> data from untrusted inputs. I haven't got a really good idea what can
> be done about this. In similar cases, people have used Jenkins'
> lookup3.c hash function with a random seed. Perhaps it is sufficient
> to drop the skipping from Lua's hash function and use a random seed
> stored in the Lua state, but the internal mixing of the current hash
> function seems to be rather weak.
Your observation reminds me of this paper which studies the robustness of
state table lookups in firewalls:
f.anthony.n.finch <firstname.lastname@example.org> http://dotat.at/
GERMAN BIGHT HUMBER: SOUTHWEST 5 TO 7. MODERATE OR ROUGH. SQUALLY SHOWERS.
MODERATE OR GOOD.