Re: Proposal for passing bound and salt in a safe way John Cowan 16 Oct 2015 17:34 UTC

Taylan Ulrich Bayırlı/Kammer wrote:

> Hmm, that's an interesting idea, but I'm not sure if it solves the
> problem.  If I have existing hash function H which does not call
> hash-salt, and now a hash table library tries to derive H2 from it by
> wrapping it in a 'parameterize' for hash-salt, that won't work very
> well, or will it?  It would be better for the library to call H with the
> extra salt argument and cause a fast failure when H doesn't accept it.

No, it won't.  The idea here is to preserve existing custom hash functions,
and if you expose yourself to DoS in that context, that is your problem.

John Cowan
I come from under the hill, and under the hills and over the hills my paths
led. And through the air. I am he that walks unseen.  I am the clue-finder,
the web-cutter, the stinging fly. I was chosen for the lucky number.  --Bilbo
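
The two approaches discussed in this message, side by side, as an added R7RS example that is not part of the original thread or of any SRFI text. It assumes `hash-salt` is an ordinary parameter object defined here; `legacy-hash`, `salted-hash` and the two `call-with-salt-...` wrappers are hypothetical names.

```scheme
(import (scheme base) (scheme write))

;; Assumption: hash-salt modeled as a plain R7RS parameter for this sketch.
(define hash-salt (make-parameter 0))

;; Simple polynomial string hash starting from SEED (illustrative only).
(define (string-fold-hash str seed)
  (let loop ((i 0) (h seed))
    (if (= i (string-length str))
        h
        (loop (+ i 1)
              (modulo (+ (* h 31) (char->integer (string-ref str i)))
                      4294967296)))))

;; Existing custom hash "H": one argument, never consults hash-salt.
(define (legacy-hash str) (string-fold-hash str 0))

;; Salt-aware hash: seeds itself from the current hash-salt.
(define (salted-hash str) (string-fold-hash str (hash-salt)))

;; Parameter approach: the library binds the salt around the call.
;; A legacy hash keeps working, but silently ignores the salt.
(define (call-with-salt-parameter hash salt key)
  (parameterize ((hash-salt salt)) (hash key)))

;; Argument approach: the library passes the salt explicitly.
;; A legacy hash is rejected on first use. Calling with the wrong
;; argument count is "an error" in R7RS; most implementations raise a
;; condition that guard can catch, but that is implementation-dependent.
(define (call-with-salt-argument hash salt key)
  (guard (e (#t 'rejected-at-first-call))
    (hash key salt)))

(define (show label value)
  (display label) (display value) (newline))

;; Legacy hash under two different salts: the salt has no effect.
(show "legacy, salt 1: " (call-with-salt-parameter legacy-hash 1 "key"))
(show "legacy, salt 2: " (call-with-salt-parameter legacy-hash 2 "key"))
;; Salt-aware hash under the same two salts: the results differ.
(show "salted, salt 1: " (call-with-salt-parameter salted-hash 1 "key"))
(show "salted, salt 2: " (call-with-salt-parameter salted-hash 2 "key"))
;; Legacy hash handed the salt as an extra argument: fails fast.
(show "legacy, salt as argument: "
      (call-with-salt-argument legacy-hash 1 "key"))
```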