Am Freitag, den 30.12.2011, 18:06 +0100 schrieb Xavier Leroy:
> > 3) Use "randomized" hash tables. The trick here is that there is not a
> > single hash function h anymore, but a family h(1)...h(n). When the hash
> > table is created, one of the functions is picked randomly. This makes it
> > impossible to craft an attack request, because you cannot predict the
> > function. 
> Indeed.  The optional "seed" parameter to Hashtbl.create does exactly
> this in the new implementation of Hashtbl (the one based on Murmur3).

I see. It will be available in 3.13:

val create : ?seed:int -> int -> ('a, 'b) t

There is also an additional functorized interface where this seed
argument exists (Hashtbl.MakeSeeded), and the hash functions seeded_hash
and seeded_hash_param. Well done!

Nevertheless, as we all don't know when 3.13 is ready, I'll have to find
a temporary fix for Ocamlnet. Maybe just a limit for the number of POST

> > So, the question is how to do 3). I see two problems here:
> > 
> > a) how to define the family of hash functions. Is it e.g. sufficient to
> > introduce an initialization vector for the Murmurhash algorithm, and
> > fill it randomly?
> IIRC, the Web pages for the Murmur family of hashes gives some
> statistical evidence that this approach works.
> > How to get a random number that is good enough?
> Hmm.  /dev/random is your friend on the platforms that support it.
> Otherwise, there's always the Random module, but Random.self_init
> isn't very strong.

Well, /dev/(u)random covers most Unix platforms nowadays. If you are
interested, I have a wrapper for Win32:

Scroll down until netsys_fill_random.

Gerd Stolpmann, Darmstadt, Germany
Creator of GODI and
Contact details:
Company homepage:

Caml-list mailing list.  Subscription management and archives:
Beginner's list:
Bug reports:

Reply via email to