[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: Real-World Impact of Hash DoS in Lua
- From: Roberto Ierusalimschy <roberto@...>
- Date: Wed, 25 Jan 2012 20:26:04 -0200
> OK. Cool. This is a showstopper for the company I am working with for
> rolling out embedded Lua with nginx. Is there anything I can do to help?
what it is still missing now is how to create the initial per-state
random seed. Suggestions included some address and arc4random. I am
afraid that, for the backup ANSI implementation, we cannot do much
better than something like this:
seed = (unsigned int)time() + (unsigned int)L;
We can have better implementations for particular system. For instance,
we can use arc4random if present, but how to detect it? Are there any
other suggestions?
-- Roberto