Re: Hash Table Collisions (n.runs-SA-2011.004)

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: Hash Table Collisions (n.runs-SA-2011.004)
From: Rob Kendrick <rjek@...>
Date: Tue, 3 Jan 2012 22:48:15 +0000

On Tue, Jan 03, 2012 at 10:30:59PM +0100, Ashwin Hirschi wrote:
> 
> >This sort of attack is only an issue in a very narrow range of
> >applications, and the people developing those applications need to be
> >aware of the issue.
> 
> Please check your calendar. We're writing 2012 and software that
> somehow interacts with/across the Internet is not considered to be
> in a "narrow range" (by any stretch of the imagination).

Almost none of my code written in Lua in the past decade would enter
directly into a long-life hash table anything provided by an untrusted
user.  I'm sure I'm not alone.

B.

References:
- Re: Hash Table Collisions (n.runs-SA-2011.004), TNHarris
- Re: Hash Table Collisions (n.runs-SA-2011.004), Mark Hamburg
- Re: Hash Table Collisions (n.runs-SA-2011.004), Tom N Harris
- Re: Hash Table Collisions (n.runs-SA-2011.004), Mark Hamburg
- Re: Hash Table Collisions (n.runs-SA-2011.004), Vladimir Protasov
- Re: Hash Table Collisions (n.runs-SA-2011.004), Leo Razoumov
- Re: Hash Table Collisions (n.runs-SA-2011.004), Vladimir Protasov
- Re: Hash Table Collisions (n.runs-SA-2011.004), Miles Bader
- Re: Hash Table Collisions (n.runs-SA-2011.004), Ashwin Hirschi

Prev by Date: Re: Hash Table Collisions (n.runs-SA-2011.004)
Next by Date: Re: Hash Table Collisions (n.runs-SA-2011.004)
Previous by thread: Re: Hash Table Collisions (n.runs-SA-2011.004)
Next by thread: Re: Hash Table Collisions (n.runs-SA-2011.004)
Index(es):
- Date
- Thread