Adaptively changing hash?
Posted Jan 12, 2012 19:06 UTC (Thu) by dskoll
Parent article: Denial of service via hash collisions
I'm wondering if you could implement adaptive countermeasures. For example, if you notice a hash chain is too long (where "too long" depends on the number of elements in the hash table and the number of buckets), then you generate a new random seed and rehash the entire table?
Yes, this would suck, but presumably if you could detect an attack early enough, before the performance got really really bad, you might be able to thwart it. It also thwarts an attack that relies on knowing the per-invocation startup seed.
Of course, you'd need to use a high-quality random seed generator to prevent someone from figuring out the entire chain of seeds. Comments?
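The countermeasure proposed in the comment above, as an added example that is not part of the original post: a chained table that draws a fresh seed from the OS CSPRNG and rehashes once a chain exceeds a limit tied to the load. The class, the threshold formula, the keyed BLAKE2b hash and the pinned demo seed are assumptions chosen for illustration.

```python
import hashlib
import itertools
import secrets

class AdaptiveTable:
    """Chained table that reseeds and rehashes when one chain grows too long."""

    def __init__(self, nbuckets=64, seed=None, adaptive=True):
        self.nbuckets, self.adaptive = nbuckets, adaptive
        # Seed comes from the OS CSPRNG unless pinned (pinning is for the demo only).
        self.seed = seed if seed is not None else secrets.token_bytes(16)
        self.buckets = [[] for _ in range(nbuckets)]
        self.count = self.reseeds = 0

    def _index(self, key):
        d = hashlib.blake2b(key, key=self.seed, digest_size=8).digest()
        return int.from_bytes(d, "big") % self.nbuckets

    def limit(self):
        # Assumed threshold: a constant plus a multiple of the average load.
        return 8 + 4 * (self.count // self.nbuckets)

    def max_chain(self):
        return max(len(b) for b in self.buckets)

    def _rehash(self):
        self.seed = secrets.token_bytes(16)  # fresh, unpredictable seed
        items = [kv for chain in self.buckets for kv in chain]
        self.buckets = [[] for _ in range(self.nbuckets)]
        for k, v in items:
            self.buckets[self._index(k)].append((k, v))
        self.reseeds += 1

    def put(self, key, value):
        chain = self.buckets[self._index(key)]
        for i, (k, _) in enumerate(chain):
            if k == key:
                chain[i] = (key, value)
                return
        chain.append((key, value))
        self.count += 1
        if self.adaptive and len(chain) > self.limit():
            self._rehash()

    def get(self, key):
        return next(v for k, v in self.buckets[self._index(key)] if k == key)

def constructed_colliding_keys(seed, nbuckets, n):
    """Constructed input: n keys that share bucket 0 under a known seed."""
    probe = AdaptiveTable(nbuckets, seed)
    hits = (k for k in (b"k%d" % i for i in itertools.count()) if probe._index(k) == 0)
    return list(itertools.islice(hits, n))
```

Feeding both an `adaptive=False` and an adaptive table the same constructed keys shows the difference: the first ends with every key in one chain, the second reseeds on the ninth insert and spreads them out.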