From: Gerd Stolpmann <info@gerd-stolpmann.de>
To: Shawn Wagner <shawnw@speakeasy.org>
Cc: caml-list@inria.fr
Subject: Re: [Caml-list] Hashtbl and security
Date: Mon, 02 Jan 2012 15:52:14 +0100 [thread overview]
Message-ID: <1325515934.5036.199.camel@samsung> (raw)
In-Reply-To: <20120101162156.2f2e49f1@speakeasy.org>
Am Sonntag, den 01.01.2012, 16:21 -0800 schrieb Shawn Wagner:
> On Fri, 30 Dec 2011 17:44:06 +0100
> Gerd Stolpmann <info@gerd-stolpmann.de> wrote:
> >
> > What are possible fixes?
> >
> > 1) Avoid hash tables in contexts where security is relevant. The
> > alternative is Set (actually a balanced binary tree), which does not
> > show this problem.
> >
> > 2) Use cryptographically secure hash functions.
> >
> > 3) Use "randomized" hash tables. The trick here is that there is not a
> > single hash function h anymore, but a family h(1)...h(n). When the
> > hash table is created, one of the functions is picked randomly. This
> > makes it impossible to craft an attack request, because you cannot
> > predict the function.
> >
>
> There's also an option 4 that's barely been mentioned in any
> discussion of this issue I've seen: Use a hash table implementation that
> handles collisions in another way than having each bucket be a linked
> list. Double hashing and cuckoo hashing come to mind, where an attacker
> would have to find keys that map to the same value for not one, but two
> or more different hash functions.
When I overlook this correctly, this is just a trick to use more bits.
So when you double-hash with two functions that deliver 30 bits each
you'll effectively have the same security as 60 bits - provided these
functions are really independent of each other.
The choice of the functions is crucial, IMHO. I have no idea how you
would choose them so that when you crack one of these, you don't know
anything about the other. Of course, you could use a secure hash
function like SHA-1 and take distinct ranges of bits, but I think this
is more an implementation of 2), and not what you really mean.
Is there any cryptanalysis of this approach?
Gerd
--
------------------------------------------------------------
Gerd Stolpmann, Darmstadt, Germany gerd@gerd-stolpmann.de
Creator of GODI and camlcity.org.
Contact details: http://www.camlcity.org/contact.html
Company homepage: http://www.gerd-stolpmann.de
------------------------------------------------------------
next prev parent reply other threads:[~2012-01-02 14:52 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-12-30 16:44 Gerd Stolpmann
2011-12-30 16:48 ` Yaron Minsky
2011-12-30 19:01 ` David Allsopp
2011-12-30 20:52 ` Yaron Minsky
2011-12-30 21:54 ` Gerd Stolpmann
2011-12-30 17:06 ` Xavier Leroy
2011-12-30 21:16 ` Gerd Stolpmann
2011-12-31 0:57 ` oliver
2011-12-31 0:59 ` oliver
2012-01-01 12:52 ` Richard W.M. Jones
2012-01-01 17:29 ` Xavier Leroy
2012-01-01 21:04 ` Gerd Stolpmann
2012-01-01 23:24 ` oliver
2012-01-01 23:58 ` Gerd Stolpmann
2012-01-02 1:43 ` oliver
2012-01-04 17:56 ` Damien Doligez
2012-01-04 21:52 ` oliver
2012-01-02 9:34 ` David MENTRE
2012-01-30 10:54 ` Goswin von Brederlow
2011-12-30 17:40 ` rixed
2011-12-30 17:52 ` Edgar Friendly
2011-12-31 1:02 ` oliver
2011-12-31 0:33 ` oliver
2012-01-02 0:21 ` Shawn Wagner
2012-01-02 14:52 ` Gerd Stolpmann [this message]
2012-01-30 10:51 ` Goswin von Brederlow
2012-01-31 14:16 ` Gerd Stolpmann
2012-02-08 9:41 ` Goswin von Brederlow
2012-02-08 10:43 ` Philippe Wang
2012-02-08 10:46 ` AUGER Cédric
2012-02-09 13:22 ` Goswin von Brederlow
2012-02-09 14:48 ` Gerd Stolpmann
2012-02-08 11:12 ` Gerd Stolpmann
2012-02-09 13:11 ` Goswin von Brederlow
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1325515934.5036.199.camel@samsung \
--to=info@gerd-stolpmann.de \
--cc=caml-list@inria.fr \
--cc=shawnw@speakeasy.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).