From: Xavier Leroy <Xavier.Leroy@inria.fr>
To: caml-list@inria.fr
Subject: Re: [Caml-list] Hashtbl and security
Date: Fri, 30 Dec 2011 18:06:26 +0100 [thread overview]
Message-ID: <4EFDEF92.3010204@inria.fr> (raw)
In-Reply-To: <1325263446.5036.104.camel@samsung>
On 12/30/2011 05:44 PM, Gerd Stolpmann wrote:
> 1) Avoid hash tables in contexts where security is relevant. The
> alternative is Set (actually a balanced binary tree), which does not
> show this problem.
Highly recommended. Nothing beats guaranteed O(log n) operations.
> 2) Use cryptographically secure hash functions.
Hopeless: with a hash size of 30 bits, as in Caml, or even 64 bits,
there are no cryptographically secure hash functions.
> 3) Use "randomized" hash tables. The trick here is that there is not a
> single hash function h anymore, but a family h(1)...h(n). When the hash
> table is created, one of the functions is picked randomly. This makes it
> impossible to craft an attack request, because you cannot predict the
> function.
Indeed. The optional "seed" parameter to Hashtbl.create does exactly
this in the new implementation of Hashtbl (the one based on Murmur3).
> So, the question is how to do 3). I see two problems here:
>
> a) how to define the family of hash functions. Is it e.g. sufficient to
> introduce an initialization vector for the Murmurhash algorithm, and
> fill it randomly?
IIRC, the Web pages for the Murmur family of hashes gives some
statistical evidence that this approach works.
> How to get a random number that is good enough?
Hmm. /dev/random is your friend on the platforms that support it.
Otherwise, there's always the Random module, but Random.self_init
isn't very strong.
- Xavier Leroy
next prev parent reply other threads:[~2011-12-30 17:06 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-12-30 16:44 Gerd Stolpmann
2011-12-30 16:48 ` Yaron Minsky
2011-12-30 19:01 ` David Allsopp
2011-12-30 20:52 ` Yaron Minsky
2011-12-30 21:54 ` Gerd Stolpmann
2011-12-30 17:06 ` Xavier Leroy [this message]
2011-12-30 21:16 ` Gerd Stolpmann
2011-12-31 0:57 ` oliver
2011-12-31 0:59 ` oliver
2012-01-01 12:52 ` Richard W.M. Jones
2012-01-01 17:29 ` Xavier Leroy
2012-01-01 21:04 ` Gerd Stolpmann
2012-01-01 23:24 ` oliver
2012-01-01 23:58 ` Gerd Stolpmann
2012-01-02 1:43 ` oliver
2012-01-04 17:56 ` Damien Doligez
2012-01-04 21:52 ` oliver
2012-01-02 9:34 ` David MENTRE
2012-01-30 10:54 ` Goswin von Brederlow
2011-12-30 17:40 ` rixed
2011-12-30 17:52 ` Edgar Friendly
2011-12-31 1:02 ` oliver
2011-12-31 0:33 ` oliver
2012-01-02 0:21 ` Shawn Wagner
2012-01-02 14:52 ` Gerd Stolpmann
2012-01-30 10:51 ` Goswin von Brederlow
2012-01-31 14:16 ` Gerd Stolpmann
2012-02-08 9:41 ` Goswin von Brederlow
2012-02-08 10:43 ` Philippe Wang
2012-02-08 10:46 ` AUGER Cédric
2012-02-09 13:22 ` Goswin von Brederlow
2012-02-09 14:48 ` Gerd Stolpmann
2012-02-08 11:12 ` Gerd Stolpmann
2012-02-09 13:11 ` Goswin von Brederlow
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4EFDEF92.3010204@inria.fr \
--to=xavier.leroy@inria.fr \
--cc=caml-list@inria.fr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).