Hi all, Am 24.12.2014 10:47 schrieb "Yasuo Ohgaki" <yohg...@ohgaki.net>: > > On Wed, Dec 24, 2014 at 6:29 PM, Pierre Joye <pierre....@gmail.com> wrote: > > > I do not see how it solves the problem. It only reduces it, slightly. > > Having a couple of medium instances generating crafted requests will > > just have the same effect. So far the more realistic suggestions are > > about having collision safe implementation, not implementation with > > limited collisions. > > > > It's ideal, but other languages are just switched to more secure hash and > random > seed. I'm not sure how feasible it would be.
See http://en.m.wikipedia.org/wiki/SipHash - in addition to e.g. Perl and Python listed there, I think the same hash is also used in redis. What could be the specific PHP issues that make it unfeasible, compared to other languages that adopted the approach? Iteration instability was one of the issues I remember from discussions about introducing a per-run randomized hash in perl, but the PHP ordered array / linked list thing already avoids that. Getting the random seed at RINIT time might be a bit problematic, doing it in MINIT would already help? Other issues? best regards Patrick
