gxhash icon indicating copy to clipboard operation
gxhash copied to clipboard
verified publisher icon ogxd

Make the algorithm more DOS resistant?

Open vlovich opened this issue 1 year ago • 1 comments

Based on https://news.ycombinator.com/item?id=40344581, it sounds like a fixed point attack might be part of a DOS exploit chain. It wouldn't be a backwards compatible change (i.e. would need to bump the major version), but could the compression function incorporate the seed? Hopefully this has no impact on performance.

vlovich avatar May 28 '24 18:05 vlovich

Hello @vlovich I guess we'd have to try in order to know whether it's possible to exploit the current compression to make a fixed-point attack. On my end I don't have a lot of experience in this but this is something I want to try. If this is no longer a theory but something easily doable in practice we can indeed address it and bump the major version.

ogxd avatar May 28 '24 20:05 ogxd

Duplicate of https://github.com/ogxd/gxhash/issues/83. Keeping the issue 83 as it is more in-depth

ogxd avatar Nov 05 '24 22:11 ogxd