 > The randomized seed is sufficient to protect against attacking a Lua-based
 > program by providing a fixed malicious input that reliably works across
 > runs. 

Shouldn't it be possible to provide a malicious input that consists of
strings of length 32 to 40 that differ only in characters that don't
contribute to the hash?  That would work reliably across runs?

I'm trying to understand what sort of attack is being defended
against.  So far the only attack I understand is an attack against the
performance of strings that are used by the implementation, like "__index".
The seed renders such an attack impossible.

Is there any other attack that's defended against here?


Norman
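
The question in the message above can be checked directly. The following is an added example, not part of the original post and not Lua's own source: `sampled_hash` is an assumed model of a seeded string hash that reads bytes in strides of `(len >> 5) + 1`, and all names and sample keys are constructed for illustration. It counts how many seeds distinguish two keys that differ at a single byte.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed model of a seeded, sampled string hash (not quoted in the post):
   bytes are read from the end in strides of (len >> 5) + 1. */
static unsigned int sampled_hash(const char *s, size_t len, unsigned int seed) {
    unsigned int h = seed ^ (unsigned int)len;
    size_t step = (len >> 5) + 1, i;
    for (i = len; i >= step; i -= step)
        h ^= (h << 5) + (h >> 2) + (unsigned char)s[i - 1];
    return h;
}

/* 1 if 0-based byte index idx is read by sampled_hash for this length. */
static int contributes(size_t len, size_t idx) {
    size_t step = (len >> 5) + 1, i;
    for (i = len; i >= step; i -= step)
        if (i - 1 == idx) return 1;
    return 0;
}

/* Number of seeds in [0, nseeds) under which a and b hash differently. */
static unsigned int seeds_that_separate(const char *a, const char *b,
                                        size_t len, unsigned int nseeds) {
    unsigned int seed, n = 0;
    for (seed = 0; seed < nseeds; seed++)
        if (sampled_hash(a, len, seed) != sampled_hash(b, len, seed)) n++;
    return n;
}

/* Constructed sample: two 36-byte keys that differ only at flip_idx. */
static unsigned int demo(size_t flip_idx) {
    char a[36], b[36];
    memset(a, 'k', sizeof a);
    memcpy(b, a, sizeof b);
    b[flip_idx] = 'X';
    return seeds_that_separate(a, b, sizeof a, 10000u);
}

int main(void) {
    printf("index 0 read for len 36? %d\n", contributes(36, 0));
    printf("seeds separating a flip at index 0: %u of 10000\n", demo(0));
    printf("seeds separating a flip at index 1: %u of 10000\n", demo(1));
    return 0;
}
```

Under this model the seed only changes the starting value of `h`, so a byte the loop never reads cannot affect the result for any seed, while a byte it does read separates the keys for every seed.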