 |
lua-l archive |
|
|
||
|
This sort of attack is only an issue in a very narrow range of applications, and the people developing those applications need to be aware of the issue.
Please check your calendar. We're writing 2012 and software that somehow interacts with/across the Internet is not considered to be in a "narrow range" (by any stretch of the imagination).
Scripting languages like Python, Ruby, Javascript and Perl are dealing (or have already dealt) with this hash collision issue by making the necessary changes to their hash implementations.
I believe Lua needs to do the same. If it does not, it risks being deemed not suitable for writing software for the web. I don't know about you, but I for one would not like to see that happen.
Ashwin.