public inbox for gcc-bugs@sourceware.org
From: "felix-gcc at fefe dot de" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug libstdc++/55815] New: switch hash function of libstdc++ hash tables to siphash
Date: Wed, 26 Dec 2012 21:39:00 -0000
Message-ID: <bug-55815-4@http.gcc.gnu.org/bugzilla/>


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55815

             Bug #: 55815
           Summary: switch hash function of libstdc++ hash tables to
                    siphash
    Classification: Unclassified
           Product: gcc
           Version: unknown
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: libstdc++
        AssignedTo: unassigned@gcc.gnu.org
        ReportedBy: felix-gcc@fefe.de


Hash functions traditionally used by language runtimes for hash tables do not
assume that input values will be chosen maliciously to cause collisions and
degrade performance.  This has become a published attack vector on internet
facing hash tables as used in, for example, web services or even memory cache
code in front of a database or so.

libsupc++ implements the Murmur hash, which was specifically targeted in a
recent paper attacking hash functions.  See https://131002.net/siphash/ for the
attack code that produces collisions in Murmur2 and Murmur3.

libsupc++ should switch the hash function to siphash, the function proposed by
the authors of this attack.

The same bug should be filed against other user facing hash table
implementations in gcc.  I can think of Java and Go, but there might be others.

It may even make sense to replace the hash code gcc itself uses, as there are
now web pages where you can paste code and see which code gcc generates for it,
turning this problem into a security issue if someone pastes code with
colliding symbols to exploit this problem.


Thread overview: 8+ messages
2012-12-26 21:39 felix-gcc at fefe dot de [this message]
2013-01-05 13:29 ` [Bug libstdc++/55815] " redi at gcc dot gnu.org
2013-01-05 14:35 ` redi at gcc dot gnu.org
2013-01-05 14:48 ` paolo.carlini at oracle dot com
2015-09-22 22:11 ` gpike at google dot com
2015-09-23  2:08 ` felix-glibc at fefe dot de
2015-09-23  3:29 ` miyuki at gcc dot gnu.org
2015-09-23  9:56 ` redi at gcc dot gnu.org
