On 18/03/12 06:56, Tjerk Anne Meesters wrote: > On Sun, Mar 18, 2012 at 8:12 AM, Stas Malyshev <smalys...@sugarcrm.com> wrote: >> Obvious solution would be to use a salt for the hash, which prevents blind >> pre-computing of hash collisions. However, due to the fact that PHP hash >> values can be reused in different processes by bytecode caches, implementing >> it properly is not trivial. > What if php uses salts for specific hashes only, such as GPC (or all > hashes whose lifetime is limited to the current reuqest), and use a > zero-value salt for all others? We'll need to have at least two kind of hashes, at that point, I think it makes sense to place the salt as a member of the HashTable struct. Bytecode caches would just store the salt with the hash. We can also mt_rand() the salt of each hash, for further randomization.
-- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
