Re: Real-World Impact of Hash DoS in Lua

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: Real-World Impact of Hash DoS in Lua
From: Roberto Ierusalimschy <roberto@...>
Date: Wed, 25 Jan 2012 20:26:04 -0200

> OK.  Cool.  This is a showstopper for the company I am working with for
> rolling out embedded Lua with nginx.  Is there anything I can do to help?

what it is still missing now is how to create the initial per-state
random seed. Suggestions included some address and arc4random. I am
afraid that, for the backup ANSI implementation, we cannot do much
better than something like this:

  seed = (unsigned int)time() + (unsigned int)L;

We can have better implementations for particular system. For instance,
we can use arc4random if present, but how to detect it? Are there any
other suggestions?

-- Roberto

Follow-Ups:
- Re: Real-World Impact of Hash DoS in Lua, William Ahern
- Re: Real-World Impact of Hash DoS in Lua, Jerome Vuarand
- Re: Real-World Impact of Hash DoS in Lua, Sean Conner
- Re: Real-World Impact of Hash DoS in Lua, Florian Weimer
- Re: Real-World Impact of Hash DoS in Lua, Natanael Copa

References:
- Re: Real-World Impact of Hash DoS in Lua, John Graham-Cumming
- Re: Real-World Impact of Hash DoS in Lua, Roberto Ierusalimschy
- Re: Real-World Impact of Hash DoS in Lua, John Graham-Cumming

Prev by Date: Re: string dollar literals (for luamacro or tokenf)
Next by Date: Re: string dollar literals (for luamacro or tokenf)
Previous by thread: Re: Real-World Impact of Hash DoS in Lua
Next by thread: Re: Real-World Impact of Hash DoS in Lua
Index(es):
- Date
- Thread