Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use system entropy to initialize hashmap keys #42

Open
wants to merge 2 commits into
base: 1.67.1
Choose a base branch
from
Open

Use system entropy to initialize hashmap keys #42

wants to merge 2 commits into from

Conversation

thomcc
Copy link
Contributor

@thomcc thomcc commented Mar 14, 2023

I'm not sure if we need this. It's an annoying amount of code because we can't really use the unix/rand.rs implementation (and don't have any remaining file I/O code elsewhere). See comment for details.

That said, this should avoid HashDOS, but I'm unsure if that was plausible anyway without this change. ISTM most of the time we'll still ensure a unique seed due to the per-use increment in RandomState, and I think SipHash is strong enough that per-use unique seeds are sufficient to avoid the issue unless the attacker can (probabilistically) guarantee that they're the first caller of that function. That's unlikely but not so unlikely that it seems ignorable...

I've opted to panic on failure (the way the stdlib does) rather than fall back to insecure behavior, since if there's a benefit to having it, it seems bad to allow it to fail silently.

Any thoughts @workingjubilee?

@thomcc thomcc requested a review from workingjubilee March 14, 2023 16:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@workingjubilee workingjubilee Awaiting requested review from workingjubilee

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@thomcc