On 30.12.2011 18:29, Levente Uzonyi wrote:
On Fri, 30 Dec 2011, Levente Uzonyi wrote:
On Fri, 30 Dec 2011, Levente Uzonyi wrote:
On Fri, 30 Dec 2011, Philippe Marschall wrote:
Hi
As you probably noted string hash collisions are all the rage these
days [1]. Has anybody looked into whether this applies to Pharo as
well?
I'm sure it does.
Ok, I read the slides. Pharo is vulnerable, but the hash function is
more complex than those in PHP, Java, etc. (though it has only 28
bits), so I guess it's a bit harder to find enough strings with
clashing hashes.
I think I found an easy way to create a slightly different attack. I'll
test it against Seaside if I'll have time for it tomorrow.
Thanks, I'd be interested in the results obviously.
Cheers
Philippe
