On Wed, Sep 21, 2016 at 3:22 PM, Niklas Keller <m...@kelunik.com> wrote:
> 2016-09-21 14:37 GMT+02:00 Rowan Collins <rowan.coll...@gmail.com>:
> > On 21 September 2016 13:02:20 BST, Glenn Eggleton <geggl...@gmail.com>
> > wrote:
> > >What if we had some sort of configuration limit on collision length?
> > Previous discussions have come to the conclusion that the difference
> > between normal collision frequency and sufficient for a DoS is so large
> > that the only meaningful settings would be on or off. e.g. the proposed
> > limit is 1000, and randomly inserting millions of rows produces about 12.
> > The problem with long running applications is not that they need to raise
> > the limit, it's that they need to handle the error gracefully if they are
> > in fact under attack. Because hash tables are so ubiquitous in the
> > there's no guarantee that that's possible, so an attacker would have the
> > ability to crash the process with the limit turned on, or hang the CPU
> > the limit turned off.
> Another suggestion by Markus Staab is to move the code into the SAPIs and
> have SipHash in CLI and the current hash function in e.g. Apache's SAPI.
> Since long running applications use only the CLI, it would be fine for them
> and it wouldn't even need a compile flag.
> Regards, Niklas
Just so we're clear, switching to siphash is not just a matter of replacing
a hash function implementation. It requires larger changes  to support
non-trivial integer hashes which a) change the structure of HashTable
buckets and may have performance impact even if we continue using identity
hashing and b) will definitely lead to changes in the internal hashtable
API, so this may require changes in extensions. (Collision counting on the
other hand is fully transparent.)