[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
**Subject**: **Re: what is the role of the `seed` field in the Lua global state?**
**From**: Norman Ramsey <nr@...>
**Date**: Wed, 11 Mar 2020 11:15:52 -0400

> > > What does this seed accomplish? What problem does it solve?
> >
> > attackers may use the properties of a hash function to construct a denial
> > of service attack.. by providing strings to your hash
> > function that all hash to the same value destroying the performance of
> > your hash table.
>
> Exactly.
Thanks!
One followup question: is the hash algorithm not vulnerable to exactly
such an attack via strings of lengths between 32 and 40?
It appears that every such string is "short", and therefore interned,
but that the `step` size is 2, so only every other byte contributes to
the hash. So important strings like "__newindex" are protected
(because the seed makes it impossible to predict what they hash to),
but the hash table in general is not. Correct?
Norman