Proposal for passing bound and salt in a safe way John Cowan (16 Oct 2015 16:05 UTC)
Re: Proposal for passing bound and salt in a safe way taylanbayirli@xxxxxx (16 Oct 2015 17:26 UTC)
Re: Proposal for passing bound and salt in a safe way John Cowan (16 Oct 2015 17:34 UTC)
Re: Proposal for passing bound and salt in a safe way taylanbayirli@xxxxxx (16 Oct 2015 19:53 UTC)

Re: Proposal for passing bound and salt in a safe way John Cowan 16 Oct 2015 17:34 UTC

Taylan Ulrich Bayırlı/Kammer scripsit:

> Hmm, that's an interesting idea, but I'm not sure if it solves the
> problem.  If I have existing hash function H which does not call
> hash-salt, and now a hash table library tries to derive H2 from it by
> wrapping it in a 'parameterize' for hash-salt, that won't work very
> well, or will it?  It would be better for the library to call H with the
> extra salt argument and cause a fast failure when H doesn't accept it.

No, it won't.  The idea here is to preserve existing custom hash functions,
and if you expose yourself to DoS in that context, that is your problem.

--
John Cowan          http://www.ccil.org/~cowan        xxxxxx@ccil.org
I come from under the hill, and under the hills and over the hills my paths
led. And through the air. I am he that walks unseen.  I am the clue-finder,
the web-cutter, the stinging fly. I was chosen for the lucky number.  --Bilbo