|
|
Log in / Subscribe / Register

The hash complexity attack

The hash complexity attack

Posted Apr 12, 2012 14:44 UTC (Thu) by intgr (subscriber, #39733)
In reply to: The hash complexity attack by job
Parent article: Python 2.6.8, 2.7.3, 3.1.5, and 3.2.3 security release

> I wonder what made them change their minds.

There was a recent report about how this affects most major web frameworks:
http://www.infosecisland.com/blogview/19160-US-CERT-Hash-...
http://www.nruns.com/_downloads/advisory28122011.pdf

The figure for Python (Zope+Plone) was 7 minutes of parsing for 1MB of POST data, or 20 kbit/s bandwidth to keep 1 CPU core busy.

to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds