Hash collision attack in PHP

V

vaniapooh2012-01-11 09:32:57

PHP

vaniapooh, 2012-01-11 09:32:57

Can someone explain in a simple and understandable way what a hash collision attack is, how it manifests itself in PHP before version 5.3.9, and what it threatens?

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

V

Vlad Frolov, 2012-01-11
@frol

habrahabr.ru/blogs/infosecurity/135530/
The article contains general words, and in the comments - explanations on the fingers.

A

Alexander Korotkov, 2012-01-11
@smagen

This, apparently, is a kind of attack when such data is sent to the script as input, which, when parsing parameters or further processing, forms many hash function collisions. As a result, arrays containing this data start to work terribly slowly. Those. It turns out this is a kind of DoS attack. Why it threatens PHP up to version 5.3.9, I don't know. Perhaps a simple hash function was used there, to which it is easy to pick up collisions.

L

lashtal, 2012-01-11
@lashtal

nikic.github.com/2011/12/28/Supercolliding-a-PHP-array.html Threatens
- transferring about 60,000 elements to an array can take up to 30 seconds (worst case).