develooper Front page | perl.perl5.porters | Postings from October 2003

Re: Perl 5.8.1, plan C, and algorithmic complexity attacks.

Thread Previous | Thread Next
From:
Chip Salzenberg
Date:
October 22, 2003 12:53
Subject:
Re: Perl 5.8.1, plan C, and algorithmic complexity attacks.
Message ID:
20031022195307.GD27115@perlsupport.com
According to Scott A Crosby:
> I dislike switching algorithms like this proposal because it is too
> easy to make a mistake and not accurately detect when you're under
> attack.

This is a maint branch.  Bincompat is vital.

The only way to avoid algorithm-switching and still restore bincompat
is to use the 'new' algorithm always, and always ignore the hash value
that our callers provide.  This would be an API change of another
kind, because it would impose a speed *penalty* on code that is taking
extra steps -- steps that *we* collectively recommended -- to improve
performance.

In short, Plan C is pretty much the only game in town.
-- 
Chip Salzenberg               - a.k.a. -               <chip@pobox.com>
"I wanted to play hopscotch with the impenetrable mystery of existence,
    but he stepped in a wormhole and had to go in early."  // MST3K

Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About