develooper Front page | perl.perl5.porters | Postings from October 2003

Re: Hypothetical attack on 5.8.1 randomized hashes.

Thread Previous | Thread Next
From:
Alan Burlison
Date:
October 31, 2003 10:35
Subject:
Re: Hypothetical attack on 5.8.1 randomized hashes.
Message ID:
3FA2AB1F.1030307@sun.com
Scott A Crosby wrote:

>>You have forgotten one crucial bit of the equation - the OS scheduler.
>>Most scheduler ticks are in the 50-100Hz range, so that will add
>>orders of magnitude more jitter than rehashing. 
> 
> s/rehashing/strcmp()/  ?

tick

> Although true, this is inapplicable. Generally the timer interrupt is
> only used to context switch out of a task that doesn't otherwise
> block. Normally on an idle machine if a task is blocked and anything
> comes in to unblock it. (Either from a timeout in sleep() or select()
> or incoming data from the network) it is unblocked and run
> immediately.

Except on a heavily loaded machine - like one that is under attack, say... 
And the latency involved with a context switch is not inconsiderable, and 
not predictable, and machines with more than 1 CPU will have a different 
profile anyway...

Unless someone has bound Apache into the real-time scheduling class, I'd be 
astonished if this attack was realisable.  There is too much else going on 
to make this predictable - for example page faults.

-- 
Alan Burlison
--


Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About