oss-sec mailing list archives

Re: PHP and some == wonkiness


From: mancha <mancha1 () zoho com>
Date: Tue, 5 May 2015 08:24:42 +0000

On Tue, May 05, 2015 at 09:44:00AM +0200, Florian Weimer wrote:
> On 05/05/2015 09:26 AM, mancha wrote:
>
>> Taking sha1 as our reference hash and "==" as our equivalence relation:
>>
>> All [a-f][0-9a-f]{39} are in equivalence class A.
>>
>> All 42[a-f][0-9a-f]{37} are in equivalence class B.
>>
>> Note: those regexes aren't representative of the full equivalence
>> classes because prepending 0s doesn't alter the value (i.e.
>> 0[a-f][0-9a-f]{38} is in equivalence class "A" as well).
>
> I cannot reproduce this.  Or you use "equivalence class" in a
> non-standard way.
>
> -- Florian Weimer / Red Hat Product Security

I was using "equivalence class" in a standard way but misunderstood
PHP's casting rules when comparing strings so never mind that comment.

To raise the SNR back up, I agree with your assessment if we account for
prepended 0s. So out of the 16^40 total hashes, I believe
10^38+10^37+...+10^1 of them will evaluate to float(0). A bit higher
than your estimate (which only considered 10^38 of them). Same order of
magnitude though.

--mancha
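The behaviour the thread is circling around, as an added example that is not part of the original posts: PHP's loose "==" compares two numeric-looking strings as numbers, so any 40-character hex digest of the form 0e followed by digits (with or without extra leading zeros) is treated as float(0) and compares equal to every other digest in that bucket. The digests below are constructed for illustration, not real sha1 outputs; hash_equals() and "===" are the byte-wise comparisons that avoid the problem.

```php
<?php
// Constructed sample digests (not real hashes): each is 40 hex chars and
// matches /^0+e\d+$/, so PHP parses it as scientific notation equal to 0.0.
$digestA = '0e12345678901234567890123456789012345678';
$digestB = '0e98765432109876543210987654321098765432';
// Same bucket with a prepended 0, the case mancha's count includes.
$digestC = '00e1234567890123456789012345678901234567';
// A digest containing a non-decimal hex digit is never numeric.
$digestD = '0e1234567890123456789012345678901234567a';

// Does PHP's loose comparison treat this digest as the float 0?
// is_numeric() applies the same numeric-string rules "==" uses.
function castsToFloatZero(string $digest): bool
{
    return is_numeric($digest) && (float) $digest === 0.0;
}

// Vulnerable pattern: numeric strings are compared as numbers.
function looseDigestMatch(string $expected, string $supplied): bool
{
    return $expected == $supplied;
}

// Hardened pattern: constant-time, byte-for-byte comparison.
function strictDigestMatch(string $expected, string $supplied): bool
{
    return hash_equals($expected, $supplied);
}

// Sanity checks on the constructed inputs.
assert(castsToFloatZero($digestA) && castsToFloatZero($digestC));
assert(!castsToFloatZero($digestD));
assert(looseDigestMatch($digestA, $digestB));   // different bytes, "equal"
assert(looseDigestMatch($digestA, $digestC));   // leading zero, still "equal"
assert(!strictDigestMatch($digestA, $digestB)); // hash_equals sees the bytes
assert($digestA !== $digestB);                  // === does too

foreach ([$digestA, $digestB, $digestC, $digestD] as $d) {
    printf("%s float0=%s loose==A:%s strict==A:%s\n", $d,
        castsToFloatZero($d) ? 'y' : 'n',
        looseDigestMatch($digestA, $d) ? 'y' : 'n',
        strictDigestMatch($digestA, $d) ? 'y' : 'n');
}
```

Run with zend.assertions=1 to have the assert() lines enforced; with assertions disabled the printf loop still shows which digests fall into the float(0) bucket and which comparison notices the difference.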
