On Thu, Aug 14, 2014 at 04:32:24PM +0000, via Digitalmars-d-learn wrote: > On Thursday, 14 August 2014 at 13:10:58 UTC, bearophile wrote: > >Marc Schütz: > > > >>Isn't SuperFastHash vulnerable to collision attacks? > > > >D AAs used to be not vulnerable to collision attacks because they > >resolved collisions building a red-black tree for each bucket. Later > >buckets became linked lists for speed, leading to the current > >sensitivity to collision attacks. I think D is not yet in the stage > >of its development where it starts to care a lot about attacks. > > IMO this is a _very_ dangerous stance. These kinds of attacks became > well known in 2011, when it turned out that almost all of the commonly > used languages and web frameworks were vulnerable: > http://events.ccc.de/congress/2011/Fahrplan/events/4680.en.html > > It would be nice if D behaved correctly before any actual attack > becomes known. > > Besides, AAs are probably already exposed to outside attackers in > vibe.d (didn't check though). [...]
PR's to fix this issue would be greatly appreciated! T -- Nobody is perfect. I am Nobody. -- pepoluan, GKC forum
