- Subject: Re: Hash Table Collisions (n.runs-SA-2011.004)
- From: William Ahern <william@...>
- Date: Wed, 4 Jan 2012 16:29:54 -0800
On Wed, Jan 04, 2012 at 04:16:00PM -0800, Sam Roberts wrote:
> OK, so quoting the report:
>
> ruby could be caused to take 6 hours of i7 CPU time to parse a 2 MB
> post request
>
> That seems ripe for exploit.
>
> Whereas I rearranged your code to run standalone, and what I'm seeing
> for 8MB of input to lua is it goes from about 2 seconds with random
> data to about 44 seconds with crafted data. And I have an i3 CPU, not
> i7, for what it's worth.
>
> That's not blowing me away.

That's because NotSoRandom can only generate 4489 unique keys, if I'm
reading it correctly.
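
Why a small pool of distinct keys caps the slowdown, as an added example that is not from the thread and is not Lua's table code: a toy chained table with every key forced into one bucket, counting chain comparisons. The integer keys, the name `chain_comparisons`, the cyclic key order and the input size are assumptions; 4489 is the figure from the message above.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy chained hash table in which every key lands in one bucket (worst case).
 * Keys are plain integers; this models collision cost only and is not Lua's
 * table implementation. */
struct node { unsigned key; struct node *next; };

/* Insert n_inserts keys drawn cyclically (an assumption) from a pool of
 * n_unique distinct keys; return the number of key comparisons made while
 * walking the single collision chain. */
unsigned long long chain_comparisons(unsigned n_inserts, unsigned n_unique)
{
    struct node *head = NULL, *p;
    unsigned long long cmps = 0;

    for (unsigned i = 0; i < n_inserts; i++) {
        unsigned key = i % n_unique;
        for (p = head; p != NULL; p = p->next) {
            cmps++;
            if (p->key == key)
                break;              /* duplicate key: the chain does not grow */
        }
        if (p == NULL) {            /* new key: the chain grows by one node */
            p = malloc(sizeof *p);
            if (p == NULL)
                abort();
            p->key = key;
            p->next = head;
            head = p;
        }
    }
    while (head != NULL) { p = head->next; free(head); head = p; }
    return cmps;
}

int main(void)
{
    unsigned n = 50000;             /* constructed input size */
    printf("4489 unique keys: %llu comparisons\n", chain_comparisons(n, 4489));
    printf("all keys unique:  %llu comparisons\n", chain_comparisons(n, n));
    return 0;
}
```

With all keys distinct the chain keeps growing and the cost is n(n-1)/2; with a fixed pool the chain stops at the pool size, so the cost grows only linearly with further input.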