Edit report at https://bugs.php.net/bug.php?id=60655&edit=1
ID: 60655
Comment by: miha dot vrhovnik at domenca dot si
Reported by: larue...@php.net
Summary: add max_input_vars for json/serialize
Status: Open
Type: Feature/Change Request
Package: *General Issues
PHP Version: 5.3.9RC4
Block user comment: N
Private report: N

New Comment:

As the authors say in the video, Perl solved this in 2003. They fixed it by randomizing the hash seed. Probably for each "hash".

You can watch this video for more details:
http://www.youtube.com/watch?v=R2Cq3CLI6H8&feature=channel_video_title

Previous Comments:
------------------------------------------------------------------------
[2012-01-05 15:07:54] larue...@php.net

sesser, yes, you are right, a constant can not fix this problem, only make it more difficult to find the special keys.

------------------------------------------------------------------------
[2012-01-05 14:52:32] ses...@php.net

laruence: nothing against you, but fixing the hash table thing is not a simple easy fix. It must be done by someone who understands the mathematical problem of hash collisions and who understands the impact of making changes to a hash function.

Just changing some constants in the algorithm will not improve the situation. The opposite can be the case. By changing some constants it could be possible to destroy the distribution of collisions and suddenly some values collide more often than others.

So please do not try to fix a problem that must be solved by someone with the mathematical background knowledge.

------------------------------------------------------------------------
[2012-01-05 14:48:14] ses...@php.net

BTW a simple approach to cause 65536 alpha numerical collisions would use most probably less than 2MB of POST payload. And this is the NOT mathematically optimized version.

------------------------------------------------------------------------
[2012-01-05 14:47:21] larue...@php.net

sesser, I am not good at algorithms, so if you can help me, I will appreciate it.

just a guess, what about changing the zend_hash_func, adding some new seed like:

register ulong hash = 5381 + nKeyLength;

thanks

------------------------------------------------------------------------
[2012-01-05 14:44:32] ses...@php.net

It is not "a theory". The whole disclosure from n-runs was about colliding the DJB hash function with alpha numerical keys.

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at

https://bugs.php.net/bug.php?id=60655
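
Added worked derivation (not part of the original thread) for the seed proposal in the 14:47 comment and the replies that a constant cannot fix it. It assumes the usual DJB "times 33" update step, hash = hash * 33 + c for each key byte c, which the thread names but does not spell out; s is the initial value, k_1 ... k_n are the key bytes, and w is the width of ulong in bits.

$$h_s(k) \equiv s \cdot 33^{n} + \sum_{i=1}^{n} k_i \, 33^{\,n-i} \pmod{2^{w}}$$

For two keys a and b of the same length n:

$$h_s(a) - h_s(b) \equiv \sum_{i=1}^{n} (a_i - b_i)\, 33^{\,n-i} \pmod{2^{w}}$$

The seed term cancels, so whether two equal-length keys collide does not depend on s. Keys that collide with s = 5381 still collide with any other constant, and also with s = 5381 + nKeyLength, because nKeyLength = n is the same for both keys. Under this update step the cancellation holds for every value of s, fixed or random.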