Re: Hash Table Collisions (n.runs-SA-2011.004)

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: Hash Table Collisions (n.runs-SA-2011.004)
From: Josh Simmons <simmons.44@...>
Date: Sat, 31 Dec 2011 08:09:18 +1100

Why not just limit n at the parser level? Far simpler than any alternative. It's not like your application really needs to handle arbitrary numbers of fields all at once.

You have to be careful with HTTP header fields too.

On Dec 31, 2011 6:21 AM, "Gé Weijers" <ge@weijers.org> wrote:

It does not solve the initial problem: a malicious entity, which uses its knowledge of the hash function to generate hash collisions. If you keep the hash function a secret (typically by using a random member of a universal hash function family) the problem goes away anyway, and you don't necessarily need cuckoo hashing to avoid disaster, which typically uses 2 members of that same hash function family.

BTW: Hopscotch hashing is another hashing variant that looks interesting.

Gé

--
Gé

Follow-Ups:
- Re: Hash Table Collisions (n.runs-SA-2011.004), Mark Hamburg

References:
- Hash Table Collisions (n.runs-SA-2011.004), fredrik danerklint
- Re: Hash Table Collisions (n.runs-SA-2011.004), Peter Cawley
- Re: Hash Table Collisions (n.runs-SA-2011.004), Leo Razoumov
- Re: Hash Table Collisions (n.runs-SA-2011.004), Peter Cawley
- Re: Hash Table Collisions (n.runs-SA-2011.004), Leo Razoumov
- Re: Hash Table Collisions (n.runs-SA-2011.004), Michael Richter
- Re: Hash Table Collisions (n.runs-SA-2011.004), Gé Weijers

Prev by Date: Re: [LuaJIT FFI] Crashing when exiting after loading SOIL DLL
Next by Date: Re: [LuaJIT FFI] Crashing when exiting after loading SOIL DLL
Previous by thread: Re: Hash Table Collisions (n.runs-SA-2011.004)
Next by thread: Re: Hash Table Collisions (n.runs-SA-2011.004)
Index(es):
- Date
- Thread