Clarify HashMap docs discussion of DoS protection #33817

Closed
aturon opened this issue May 23, 2016 · 8 comments · Fixed by #35371
Labels
E-easy Call for participation: Easy difficulty. Experience needed to fix: Not much. Good first issue. E-help-wanted Call for participation: Help is requested to fix this issue. E-mentor Call for participation: This issue has a mentor. Use #t-compiler/help on Zulip for discussion.

Comments

@aturon
Member

aturon commented May 23, 2016

Today, the HashMap docs say:

> The hashes are all keyed by the thread-local random number generator on creation by default. This means that the ordering of the keys is randomized, but makes the tables more resistant to denial-of-service attacks (Hash DoS). No guarantees are made to the quality of the random data. The implementation uses the best available random data from your platform at the time of creation. This behavior can be overridden with one of the constructors.

While this is accurate, it's burying the lede: we should say much more clearly what the tradeoffs are, and point more directly toward the custom hashing infrastructure. E.g.:

> By default, HashMaps use a somewhat slow hashing algorithm that provides resistance to denial-of-service attacks (Hash DoS). For cases where DoS protection isn't needed, you can opt into a faster hasher by using *some details here*.
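
The tradeoff raised in the comment above, as an added example that is not part of the issue or of the Rust docs: a `HashMap` using the default keyed `RandomState` beside one using an unkeyed hasher plugged in through `BuildHasherDefault`. The FNV-1a hasher and the names `Fnv1a`, `FastMap` and `hash_with` are illustrative choices made for this example.

```rust
use std::collections::hash_map::RandomState;
use std::collections::HashMap;
use std::hash::{BuildHasher, BuildHasherDefault, Hash, Hasher};

/// FNV-1a (64-bit), written out here for illustration. It is fast but unkeyed,
/// so anyone can compute which keys land in the same bucket.
pub struct Fnv1a(u64);

impl Default for Fnv1a {
    fn default() -> Self {
        Fnv1a(0xcbf2_9ce4_8422_2325) // FNV offset basis
    }
}

impl Hasher for Fnv1a {
    fn write(&mut self, bytes: &[u8]) {
        for &b in bytes {
            self.0 ^= u64::from(b);
            self.0 = self.0.wrapping_mul(0x0000_0100_0000_01b3); // FNV prime
        }
    }
    fn finish(&self) -> u64 {
        self.0
    }
}

/// Map for trusted keys only: no per-map random key, no Hash DoS resistance.
pub type FastMap<K, V> = HashMap<K, V, BuildHasherDefault<Fnv1a>>;

/// Hash one key the way a map built on `state` would.
pub fn hash_with<S: BuildHasher, K: Hash + ?Sized>(state: &S, key: &K) -> u64 {
    let mut h = state.build_hasher();
    key.hash(&mut h);
    h.finish()
}

fn main() {
    // Default maps: every RandomState carries its own keys, so the same
    // input hashes differently in different maps and different runs.
    let (a, b) = (RandomState::new(), RandomState::new());
    println!("keyed:   {:016x} vs {:016x}", hash_with(&a, "k"), hash_with(&b, "k"));

    // Unkeyed map: every instance, in every process, agrees on the hash.
    let mut m: FastMap<&str, u32> = FastMap::default();
    m.insert("internal-id", 1);
    let fresh = BuildHasherDefault::<Fnv1a>::default();
    println!("unkeyed: {:016x} vs {:016x}", hash_with(m.hasher(), "k"), hash_with(&fresh, "k"));
}
```

The unkeyed map suits keys the program generates itself; keys that arrive from untrusted input are the case the default keyed hasher is meant for.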

@steveklabnik
Member

part of #29348

@steveklabnik steveklabnik added E-easy Call for participation: Easy difficulty. Experience needed to fix: Not much. Good first issue. E-mentor Call for participation: This issue has a mentor. Use #t-compiler/help on Zulip for discussion. E-help-wanted Call for participation: Help is requested to fix this issue. labels Jun 27, 2016
@steveklabnik
Member

I would be happy to work with anyone who wants to work on this issue.

@apoelstra
Contributor

#33086 is relevant to this bug -- now the docs should say that Rust uses a slow hash function by default "for DoS protection", but does not actually provide DoS protection.

@mgattozzi
Contributor

@steveklabnik I'd like to take a crack at this issue with your help. I won't be able to work on it today but I could tomorrow.

@steveklabnik
Member

@mgattozzi great! Can you swing by IRC tomorrow? That'd be easiest

@mgattozzi
Contributor

The docs IRC channel correct? I'll swing by around 7pm EST maybe even
slightly earlier

On Wed, Aug 3, 2016, 17:17 Steve Klabnik notifications@github.com wrote:

> @mgattozzi great! Can you swing by IRC tomorrow? That'd be easiest



@steveklabnik
Member

Yeah, any of them. That's a little late for me, but I'm sure that one of us can be helpful 😄

(And I'm also happy to do it asynchronously through this issue too, just sometimes real-time is a bit easier.)

@mgattozzi
Contributor

I'll pop in around that time and if you're around great if not I'll point
the channel to this issue to ask for help if I need it. I could pop on
during work lunch break tomorrow and at least get a starting point from you
if that works as well.

On Wed, Aug 3, 2016 at 6:15 PM Steve Klabnik notifications@github.com wrote:

> Yeah, any of them. That's a little late for me, but I'm sure that one of us can be helpful 😄
>
> (And I'm also happy to do it asynchronously through this issue too, just sometimes real-time is a bit easier.)



sophiajt pushed a commit to sophiajt/rust that referenced this issue Aug 8, 2016
Update HashMap docs regarding DoS protection

Because of changes to how Rust acquires randomness HashMap is not
guaranteed to be DoS resistant. This commit reflects these changes in
the docs themselves and provides an alternative method to creating
a hash that is resistant if needed.

This fixes rust-lang#33817 and includes relevant information regarding changes made in rust-lang#33086
steveklabnik added a commit to steveklabnik/rust that referenced this issue Aug 10, 2016
Update HashMap docs regarding DoS protection

Because of changes to how Rust acquires randomness HashMap is not
guaranteed to be DoS resistant. This commit reflects these changes in
the docs themselves and provides an alternative method to creating
a hash that is resistant if needed.

This fixes rust-lang#33817 and includes relevant information regarding changes made in rust-lang#33086