This might be a bit off topic....
Given that you can set post_max_size in a production PHP application,
how likely is it really that an app will encounter a HashDoS attack?
From what I gather, this would require MBs to GBs of POST data in order to
cause a DoS.
From the web side, I think there are enough tools to prevent HashDoS from
being exploited.
Would the issue then affect only CLI users?
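To make the threat concrete, here is a minimal sketch of why colliding keys are a DoS vector at all (illustrative Python, not PHP's actual hashtable): when every key lands in the same bucket, each insert must compare against the whole existing chain, so n inserts cost O(n^2) instead of O(n). The `Colliding` class below is a hypothetical stand-in for attacker-chosen colliding strings.

```python
# Sketch: n keys with identical hashes degrade dict inserts to O(n^2).
# "Colliding" is a toy stand-in for attacker-crafted colliding keys.
import time

class Colliding:
    def __init__(self, v):
        self.v = v
    def __hash__(self):
        return 42                      # every instance collides
    def __eq__(self, other):
        return self.v == other.v       # called for each chain entry

def insert_time(keys):
    t0 = time.perf_counter()
    d = {}
    for k in keys:
        d[k] = True
    return time.perf_counter() - t0

n = 2000
normal = insert_time(list(range(n)))                 # well-distributed hashes
hostile = insert_time([Colliding(i) for i in range(n)])
print(f"normal: {normal:.5f}s  colliding: {hostile:.5f}s")
```

Even at n = 2000 the colliding case is orders of magnitude slower, which is why a few MB of crafted POST keys can pin a CPU.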
Sorry, if this seems like a derail, I am pretty new to the internals list.
On Wed, Sep 21, 2016 at 10:23 AM, Nikita Popov <nikita....@gmail.com> wrote:
> On Wed, Sep 21, 2016 at 4:05 PM, Tom Worster <f...@thefsb.org> wrote:
> > On 9/21/16 8:37 AM, Rowan Collins wrote:
> >> On 21 September 2016 13:02:20 BST, Glenn Eggleton <geggl...@gmail.com>
> >> wrote:
> >>> What if we had some sort of configuration limit on collision length?
> >> Previous discussions have come to the conclusion that the difference
> >> between normal collision frequency and what is sufficient for a DoS is
> >> so large that the only meaningful settings would be on or off: e.g. the
> >> proposed limit is 1000, and randomly inserting millions of rows produces
> >> collision chains nowhere near that length.
> >> The problem with long running applications is not that they need to
> >> raise the limit, it's that they need to handle the error gracefully if
> >> they are in fact under attack. Because hash tables are so ubiquitous in
> >> the engine, there's no guarantee that that's possible, so an attacker
> >> would have the ability to crash the process with the limit turned on, or
> >> hang the CPU with the limit turned off.
> > Right. It seems like count-and-limit pushes the problem onto the user who
> > then has to discriminate normal from malicious causes for rising counters
> > and find appropriate actions for each.
> > Even a sophisticated user who understands hash collision counters may not
> > welcome this since it adds complexity that's hard to test and involves
> > questionable heuristics.
> > Tom
> Quoting a relevant part of the previous discussion:
> > Let's try to quantify the probability of reaching the collision limit C
> with a hashtable of size N and assuming a random hash distribution. The
> upper bound for this should be (N choose C) * (1/N)^(C-1), with (1/N)^(C-1)
> being the probability that C elements hash to one value and (N choose C)
> the number of C-element subsets of an N-element set. For large N with
> N >> C we can approximate (N choose C) by (e*N/C)^C / sqrt(2*pi*C). As
> such our upper
> bound becomes N * (e/C)^C / sqrt(2pi*C). Choosing N = 2^31 (largest
> possible hashtable) we get for C = 20 probability 8.9E-10 and for C = 100
> probability 2.3E-149. The patch uses C = 1000.
> In other words, it is extremely unlikely that you hit the collision limit
> by accident, with non-malicious data. So no, the user does not have to
> discriminate normal from malicious causes. If the limit triggers, it's an
> attack.
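For anyone who wants to sanity-check the quoted bound, here is a short Python sketch that just evaluates N * (e/C)^C / sqrt(2*pi*C) as given above; it reproduces the quoted probabilities for N = 2^31.

```python
# Evaluate the quoted upper bound on reaching collision limit C
# in a hashtable of size N: N * (e/C)^C / sqrt(2*pi*C).
import math

def collision_limit_prob(N, C):
    # (N choose C) * (1/N)^(C-1), with Stirling's approximation
    # (N choose C) ~ (e*N/C)^C / sqrt(2*pi*C), simplifies to:
    return N * (math.e / C) ** C / math.sqrt(2 * math.pi * C)

N = 2 ** 31  # largest possible hashtable
print(collision_limit_prob(N, 20))    # ~8.9e-10
print(collision_limit_prob(N, 100))   # ~2.3e-149
```

Both values match the figures quoted above, so accidentally hitting a limit of C = 1000 with non-malicious data is effectively impossible.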