Re: Hash collision vectors in APR?

2012-01-17 Thread Bojan Smojver
--- Original message --- From: Joe Orton (hash(key) * ht->pure_random_number) % ht->max where ht->max is 15 by default. So you merely have to increase the size of the input by 15 to produce at least the same overhead; the attacker must generate 15n keys to ensure they hit all the

Fwd: Re: [RFC] further proxy/rewrite URL validation security issue (CVE-2011-4317)

2012-01-17 Thread William A. Rowe Jr.
Original Message Subject: Re: [RFC] further proxy/rewrite URL validation security issue (CVE-2011-4317) Date: Tue, 17 Jan 2012 16:47:01 -0500 From: Jeff Trawick traw...@gmail.com Reply-To: d...@httpd.apache.org To: d...@httpd.apache.org On Thu, Jan 12, 2012 at 4:54 AM, Tomas