 |
lua-l archive |
|
|
||
|
unsigned int h = cast(unsigned int, l); /* seed */
Lua's hash tables more or less fall back to linked lists of cells on collisions. (The details are actually a bit more complicated.)
So even if there is two hashes, it still gets the right one since it now using a linked list per hash to get the right key?
If this is the case then I don't think Lua is vulnerably to this kind of attack that they have described.
A secure implementation would introduce some randomizing element per run
I think it already does that since it using the length of the string as a (random)seed.
-- //fredan