Re^2: selecting random key from hash

In latest perls, the hashing seed used is randomised to avoid certain types of DOS attacks. However, it is not randomised at each use - instead, each time a new key is added to the hash perl checks whether the hash is becoming heavily unbalanced (either due to an injection attack or due to simple bad luck), and re-hashes only if it is.

In normal use, the rehashing should rarely happen. And that's just as well because it is relatively expensive.

(Before you ask, I'd add that this is not vulnerable to a higher level DOS attack that forces constant rehashing unless the attacker can predict the new random hash seed that will be selected.)

Hugo

Comment on Re^2: selecting random key from hash

Replies are listed 'Best First'.
Re^3: selecting random key from hash by BrowserUk (Patriarch) on Jul 13, 2004 at 09:37 UTC
Thanks Hugo. I remember the discussion from when it came up originally. I even came up with a suggestion for fixing it that wasn't a million miles away from what got implemented, though I doubt my half-cocked idea was any influence :) Given the OP was picking 4 at a time from a "very large hash", the inherent randomness (assuming he has it enabled (or can work out how to enable it!! Argggh!)), might be sufficiently random for his purpose. It would have an advantage over the other solutions presented, in that it would avoid duplicates whilst ensuring full coverage. If that is a requirement. Examine what is said, not who speaks. "Efficiency is intelligent laziness." -David Dunham "Think for yourself!" - Abigail "Memory, processor, disk in that order on the hardware side. Algorithm, algoritm, algorithm on the code side." - tachyon	[reply]

Replies are listed 'Best First'.

Re^3: selecting random key from hash
by BrowserUk (Patriarch) on Jul 13, 2004 at 09:37 UTC

Thanks Hugo. I remember the discussion from when it came up originally. I even came up with a suggestion for fixing it that wasn't a million miles away from what got implemented, though I doubt my half-cocked idea was any influence :)

Given the OP was picking 4 at a time from a "very large hash", the inherent randomness (assuming he has it enabled (or can work out how to enable it!! Argggh!)), might be sufficiently random for his purpose.

It would have an advantage over the other solutions presented, in that it would avoid duplicates whilst ensuring full coverage. If that is a requirement.

Examine what is said, not who speaks.

"Efficiency is intelligent laziness." -David Dunham
"Think for yourself!" - Abigail
"Memory, processor, disk in that order on the hardware side. Algorithm, algoritm, algorithm on the code side." - tachyon

[reply]