I wrote a topic about this yesterday, but as a new member my posts are
moderated and it seems that moderators of this forum are somewhat
inactive... :-)
For more information about this, you can see the paper [1], slides from the
presentation [2] and Twitter account dedicated to this vulnerabili
String hashing uses the default Java hashCode method which contains the
vulnerability.
user=> (= (hash "Ey") (hash "FZ"))
true
user=> (apply = (map hash ["EyEy" "FZEy" "EyFZ" "FZFZ"]))
true
--
You received this message because you are subscribed to the Google
Groups "Clojure" group.
To post to
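
An added example, not part of the original thread: a Python reimplementation of Java's String.hashCode that reproduces the collisions shown in the REPL session above, plus a defensive check that flags a set of request parameter names when too many of them share one hash value. The names java_string_hash and collision_report, the threshold of 3, and the sample parameter names are assumptions made for this illustration.

```python
from collections import defaultdict


def java_string_hash(s: str) -> int:
    """Java's String.hashCode(): h = 31*h + c over UTF-16 code units,
    wrapped to a signed 32-bit integer."""
    data = s.encode("utf-16-be", "surrogatepass")
    h = 0
    for i in range(0, len(data), 2):
        unit = (data[i] << 8) | data[i + 1]
        h = (31 * h + unit) & 0xFFFFFFFF
    return h - (1 << 32) if h >= (1 << 31) else h


def collision_report(keys, max_per_hash=3):
    """Group distinct keys by hash value and flag the set when the largest
    group exceeds max_per_hash (an assumed threshold, tune per application)."""
    groups = defaultdict(list)
    for key in set(keys):
        groups[java_string_hash(key)].append(key)
    worst = max(groups.values(), key=len, default=[])
    return {
        "distinct_keys": sum(len(g) for g in groups.values()),
        "largest_group": sorted(worst),
        "suspicious": len(worst) > max_per_hash,
    }


# Constructed sample input: the four colliding strings from the thread
# mixed with ordinary parameter names, and a benign request for contrast.
SAMPLE_COLLIDING = ["EyEy", "FZEy", "EyFZ", "FZFZ", "user", "page"]
SAMPLE_BENIGN = ["user", "page", "sort", "q"]

if __name__ == "__main__":
    # 31*'E' + 'y' == 31*'F' + 'Z' == 2260, so any concatenation of the
    # two blocks hashes to the same value as well.
    print(java_string_hash("Ey"), java_string_hash("FZ"))
    print(collision_report(SAMPLE_COLLIDING))
    print(collision_report(SAMPLE_BENIGN))
```

A check like this belongs in front of the code that builds the parameter map, alongside a hard cap on the number of parameters per request.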
http://www.kb.cert.org/vuls/id/903934 should give you pointers to
understand the problems, and
http://www.ocert.org/advisories/ocert-2011-003.html has details about
what is vulnerable from an HTTP request processing point of view.
Fixing the underlying map / hash tools would be awesome, of course,
Should we watch the whole video to see what you mean?
At what time is it important?
Cheers,
Hubert
On Sat, Dec 31, 2011 at 1:39 PM, Brian Mosley wrote:
> Saw this in a scala mailing list thread:
>
> http://www.youtube.com/watch?v=R2Cq3CLI6H8
>
> Should the Clojure hash be fixed?