From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 12999 invoked by alias); 26 Dec 2012 21:39:34 -0000 Received: (qmail 12896 invoked by uid 48); 26 Dec 2012 21:39:20 -0000 From: "felix-gcc at fefe dot de" To: gcc-bugs@gcc.gnu.org Subject: [Bug libstdc++/55815] New: switch hash function of libstdc++ hash tables to siphash Date: Wed, 26 Dec 2012 21:39:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: libstdc++ X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: felix-gcc at fefe dot de X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Changed-Fields: Message-ID: X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated Content-Type: text/plain; charset="UTF-8" MIME-Version: 1.0 Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Archive: List-Post: List-Help: Sender: gcc-bugs-owner@gcc.gnu.org X-SW-Source: 2012-12/txt/msg02344.txt.bz2 http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55815 Bug #: 55815 Summary: switch hash function of libstdc++ hash tables to siphash Classification: Unclassified Product: gcc Version: unknown Status: UNCONFIRMED Severity: normal Priority: P3 Component: libstdc++ AssignedTo: unassigned@gcc.gnu.org ReportedBy: felix-gcc@fefe.de Hash functions traditionally used by language runtimes for hash tables do not assume that input values will be chosen maliciously to cause collisions and degrade performance. This has become a published attack vector on internet facing hash tables as used in, for example, web services or even memory cache code in front of a database or so. libsupc++ implements the Murmur hash, which was specifically targeted in a recent paper attacking hash functions. See https://131002.net/siphash/ for the attack code that produces collisions in Murmur2 and Murmur3. libsupc++ should switch the hash function to siphash, the function proposed by the authors of this attack. The same bug should be filed against other user facing hash table implementations in gcc. I can think of Java and Go, but there might be others. It may even make sense to replace the hash code gcc itself uses, as there are now web pages where you can paste code and see which code gcc generates for it, turning this problem into a security issue if someone pastes code with colliding symbols to exploit this problem.