Re: [ANN] Lua 5.2.1 (work1) now available

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: [ANN] Lua 5.2.1 (work1) now available
From: John Graham-Cumming <jgc@...>
Date: Thu, 22 Mar 2012 16:50:06 +0000

On Thu, Mar 22, 2012 at 16:44, Roberto Ierusalimschy <roberto@inf.puc-rio.br> wrote:

> So, can makes long string just using a few of bytes to calculate hash
> value? using a random seed to choose how to skip bytes? this will be
> better.

Yes, that may be a good idea. But note that the proposal has two
different things (that maybe we should have tried separately).

Doing that might not be a good idea from a security perspective. If the random seed were just used to chose the 'hop' between characters in the hash then it wouldn't take much to run through all possible 'hops' and DoS the hash. The only way to do that would be to hop randomly from character to character based on the seed.

John.

Follow-Ups:
- Re: [ANN] Lua 5.2.1 (work1) now available, Xavier Wang

References:
- [ANN] Lua 5.2.1 (work1) now available, Luiz Henrique de Figueiredo
- Re: [ANN] Lua 5.2.1 (work1) now available, liam mail
- Re: [ANN] Lua 5.2.1 (work1) now available, liam mail
- Re: [ANN] Lua 5.2.1 (work1) now available, Roberto Ierusalimschy
- Re: [ANN] Lua 5.2.1 (work1) now available, Enrico Colombini
- Re: [ANN] Lua 5.2.1 (work1) now available, Hans Hagen
- Re: [ANN] Lua 5.2.1 (work1) now available, Roberto Ierusalimschy
- Re: [ANN] Lua 5.2.1 (work1) now available, Xavier Wang
- Re: [ANN] Lua 5.2.1 (work1) now available, Roberto Ierusalimschy

Prev by Date: Re: [ANN] Lua 5.2.1 (work1) now available
Next by Date: Re: When is OP_LOADKX used?
Previous by thread: Re: [ANN] Lua 5.2.1 (work1) now available
Next by thread: Re: [ANN] Lua 5.2.1 (work1) now available
Index(es):
- Date
- Thread