On Wednesday, 1 April 2015 at 12:05:37 UTC, Johannes Pfau wrote:
> It's probably more a problem for vibe-d or other server-like applications.
> Those should make sure to use DOS-safe hash tables. For most applications
> there's no possibility for DOS attacks using hash tables and we indeed
> shouldn't make these applications slower.

The vulnerability presentation suggests the Perl solution (random
hash seed) is good enough; it doesn't slow down anything. The
seed can be left zero and initialized by an application as
needed. One can also use a longer key and add more of its bits
every, say, 10 bytes of hashed data; not sure if it will make any
difference.
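
The scheme described in the reply above, as an added example that is not part of the original post or of any D runtime code: a key that is zero by default, that a server-like application may randomize at startup, and whose further words are mixed in every 10 bytes. It is written in C; the one-at-a-time mixing function, the 4-word key size, the /dev/urandom source and all names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_WORDS 4   /* "longer key": 128 bits, an assumed size */
#define STRIDE    10  /* mix in the next key word every 10 input bytes */

/* All-zero by default: hashing is then plain, deterministic one-at-a-time,
 * so applications that never hash untrusted keys pay nothing extra. */
static uint32_t hash_key[KEY_WORDS];

/* Opt-in for server-like applications. Call once at startup, before any
 * table is populated: changing the key later invalidates the bucket
 * positions of keys already stored. Returns 0, or -1 with key unchanged. */
int hash_key_randomize(void) {
    uint32_t k[KEY_WORDS];
    FILE *f = fopen("/dev/urandom", "rb");   /* assumed entropy source */
    if (!f) return -1;
    size_t n = fread(k, sizeof k, 1, f);
    fclose(f);
    if (n != 1) return -1;
    memcpy(hash_key, k, sizeof k);
    return 0;
}

/* Jenkins one-at-a-time, started from key word 0 instead of 0, with a
 * further key word added at every STRIDE-byte boundary. */
uint32_t keyed_hash(const void *data, size_t len) {
    const unsigned char *p = data;
    uint32_t h = hash_key[0];
    for (size_t i = 0; i < len; i++) {
        if (i && i % STRIDE == 0)
            h += hash_key[(i / STRIDE) % KEY_WORDS];
        h += p[i];
        h += h << 10;
        h ^= h >> 6;
    }
    h += h << 3;
    h ^= h >> 11;
    h += h << 15;
    return h;
}

int main(void) {
    const char *key = "session-id=constructed-sample";  /* constructed input */
    printf("zero key:   %08x\n", (unsigned)keyed_hash(key, strlen(key)));
    if (hash_key_randomize() == 0)
        printf("random key: %08x\n", (unsigned)keyed_hash(key, strlen(key)));
    return 0;
}
```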