Hash DOS?
Hi, I just ran across some articles talking about denial of service attacks by targeting Web server hash functions that are used when storing transactions with a user. By designing data queries an attacker can force the server to degrade to very poor performance by making successive queries all hash to the same value. This is a perverse weakness (?) exposed to abusers of computer systems. But the reality is that noobs like this really exist and they seem to delight in perverse actions.
So, I found a reference to a fast (non-cryptographic) hash function called SipHash, by Jean-Philippe Aumasson and Daniel Bernstein, both noteworthy cryptographic experts. Here is a link to their recommendation and analysis:
My question to Lisp system implementors is whether or not they have considered these issues in the design of their hash table hashing functions? The query, for me, popped up in a reference to a DOS (denial of service) attack on Murmurhash3, which was a clever non-cryptographic hash function invented around 2008 (recent… compared to predecessors invented in the 1990s).
I suppose I could find out the answer for myself by attacking the Lisp implementations with differential analysis and probes. But it really would be easier to have an open discussion about this from the developers themselves.
Eh?
- D.McClain