lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


On 12/31/2011 09:22 AM, Alexander Gladysh wrote:

It would also be nice to know, if LJ2 implementation is vulnerable.


It is. LJ2 will only use at most 16 bytes from the string for hashing. The longer the string, the easier it is to guess which bytes are skipped, even if you randomize the selection. In a 32 byte string, the 19th through 28th bytes are not used in the hash.

--
- tom
telliamed@whoopdedo.org