Hello. I've been trying to keep up with perl and its fix for this problem. Not knowing perl internals, I don't fully understand the descrption of plan-C in context and as implemented. I'd like to be sure it hasn't reintroduced a problem. AFAIK, you switch from the past predictable hash function to a new randomized one only when you detect that you're under attack. I have a couple of concerns: 1. How do you dectect 'under attack', and is it possible to construct an attack while not triggering the rekey & rehash? 2. When you rekey and rehash with a new random key, how do you avoid potentially rehashing endlessly. Is it possible to engage in a new attack by forcing endless rehashings instead of lots of collisions? 3. Does this rehashing logic apply univerally to all hash tables in the system? For instance, can mod_perl or other internal hash tables or be built that accidently avoid the detect-attack-and-rehash logic? 4. Are you still using keyed Jenkin's for the hash function? ScottThread Next