Hi Stas,

On Wed, Sep 21, 2016 at 11:26 AM, Stanislav Malyshev
<smalys...@gmail.com> wrote:
>> I think we are better to limit max collisions.
>> I'm +1 for Nikita's proposal does this.
> Max collision per what? How much would be the limit?

Collision by keys.

It would be nice to have configurable limit like regex stack/backtrack limit.
That said, wouldn't 1000 enough for almost all apps?

Anyway, we have two choices
 - Simply limit the number of collisions. (Fast and has no impact to code)
 - Use crypt safe hash and salt. (Slow and has impact to opcache/etc)

Limiting something is good to have sometimes.
Python even limits number of recursions to 1000 by default.
We have PCRE stack/backtrack limits. (We'll have mbregex stack limit soon)
Collision limit is good one also.


Yasuo Ohgaki

PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to