------- Original message -------
From: Joe Orton
(hash(key) * ht->pure_random_number) % ht->max
where ht->max is 15 by default. So you "merely" have to increase the
size of the input by 15 to produce at least the same overhead; the
attacker must generate 15n keys to ensure they hit all the buckets. The
attack is still quadratic time.
At hash size of 15 we are probably not going to hit computational limits.
However, if the hash is say 511 in size (because it will grow and is always
the size of a power of two minus one), the attacker will then (according to
the above maths) have to provide 500 times more input to hit the problem.
That may be more difficult. Right?
--
Bojan
