[
https://issues.apache.org/jira/browse/PIRK-74?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15613359#comment-15613359
]
ASF GitHub Bot commented on PIRK-74:
------------------------------------
Github user asfgit closed the pull request at:
https://github.com/apache/incubator-pirk/pull/111
> Information leakage through predictable failed hash keys
> --------------------------------------------------------
>
> Key: PIRK-74
> URL: https://issues.apache.org/jira/browse/PIRK-74
> Project: PIRK
> Issue Type: Bug
> Reporter: Jacob Wilder
> Assignee: Jacob Wilder
> Labels: security
> Fix For: 0.3.0
>
>
> Given that “If we have hash collisions over our selector set, we will append
> integers to the key starting with 0 until we no longer have collisions” if an
> attacker sees that the hash key is one with integers on the end and the space
> for selectors is well defined (or the attacker has a hunch about what the
> actually-selected selector space looks like) they could feed either all or
> subsets of their probable-selector pool into the keyed hash function given
> keys with lower integers and look for collisions. The higher the key has been
> incremented the more leaks possible (it’s unlikely the same two selectors
> caused collisions with different hash keys).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
