Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Re: CERT vulnerability note VU# 539363 (fwd)

From: <broyds () rogers com>
Date: Fri, 18 Oct 2002 12:03:53 -0400
Most hash functions are based on arithmetic modulo a large prime. Most often this prime is chosen to be close to a 
power of 2 to optimize address space (often a Mersenne prime), but there is not neccessity for it so the secret would 
be the prime used as hash base. Guessing prime used is non trivial so it provides some security.




From: Miles Sabin <miles () milessabin com>
Date: 2002/10/18 Fri AM 02:45:26 EDT
To: firewall-wizards () honor icsalabs com
Subject: Re: [fw-wiz] CERT vulnerability note VU# 539363 (fwd)

Mike Frantzen wrote,

The problem with a hashed state table is that hash tables are very
easy to attack.  The use of collision chains (linked lists) would let
an attack totally blow out the D$ and TLB.  I've make a sun U10
440mhz w/ 2MB L2 grind to a halt w/ 5 packets a second after a long
series of collisions.


Interesting ... the idea being that with knowledge of the hash function 
an attacker could manufacture enough collisions to push the hash table 
to the O(n) worst case?

Couldn't that attack be frustrated by a more sophisticated hash function 
parameterized with a local secret (ie. the attacker would need to know 
the secret as well as the function before they could reliably generate 
collisions)? Or would that make the hash function too computationally 
expensive?

Cheers,


Miles
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards



_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: