Edit report at https://bugs.php.net/bug.php?id=60655&edit=1
ID:                 60655
Updated by:         larue...@php.net
Reported by:        larue...@php.net
Summary:            add max_input_vars for json/serialize
Status:             Open
Type:               Feature/Change Request
Package:            *General Issues
PHP Version:        5.3.9RC4
Block user comment: N
Private report:     N

New Comment:

sesser, I am not good at algorithms, so if you can help me, I will appreciate it.

just a guess, what about changing the zend_hash_func, adding some new seed like:

    register ulong hash = 5381 + nKeyLength;

thanks

Previous Comments:
------------------------------------------------------------------------
[2012-01-05 14:44:32] ses...@php.net

It is not "a theory". The whole disclosure from n-runs was about colliding the DJB hash function with alphanumerical keys.

------------------------------------------------------------------------
[2012-01-05 14:14:08] larue...@php.net

<laruence> I got your point, and agree in theory, yes, the string hash value could be the same, does anyone have a method to compute it for real?
<nikic> yes
<laruence> I really doubt that we can find so many string keys with the same hash value to be able to launch an attack, and won't reach the max post size

------------------------------------------------------------------------
[2012-01-05 14:05:52] larue...@php.net

oh, I got you, thanks.

------------------------------------------------------------------------
[2012-01-05 14:04:50] larue...@php.net

yes, the hash value of string index is the same, but the index = hash_value % nTableSize, we don't use the hash value as index directly, didn't I misunderstand you?

------------------------------------------------------------------------
[2012-01-05 11:53:37] ses...@php.net

You are mistaken to believe that randomizing the TableSize will stop predictable collisions: This is only true if you try to exploit the problem with numerical indices.

The moment you use alphanumerical keys and produce collisions in the DJB hashing function the table size does not matter anymore, because the return value of the hash function is the same.

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at

    https://bugs.php.net/bug.php?id=60655
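
The two mitigations discussed in this thread (varying the table size, and seeding with 5381 + nKeyLength) can be checked against a pair of equal-length keys. The following is an added example, not code from the bug report or from PHP: the function names, the sample keys and the table sizes are constructed for illustration, and the key length is assumed to be strlen() of the key.

```c
#include <stdio.h>
#include <string.h>

typedef unsigned long ulong;

/* DJB "times 33" string hash; the seed is a parameter so variants can be compared. */
static ulong djb_hash(const char *key, size_t len, ulong seed)
{
    ulong hash = seed;
    for (size_t i = 0; i < len; i++)
        hash = ((hash << 5) + hash) + (unsigned char)key[i];
    return hash;
}

/* Fixed seed 5381, as in the line quoted in the thread without the addition. */
static ulong hash_fixed_seed(const char *key)
{
    return djb_hash(key, strlen(key), 5381UL);
}

/* Seed proposed in the thread: 5381 + nKeyLength (length assumed = strlen). */
static ulong hash_len_seed(const char *key)
{
    size_t n = strlen(key);
    return djb_hash(key, n, 5381UL + n);
}

/* Returns 1 if both hashes map to the same bucket for every table size tried,
 * using index = hash_value % nTableSize as stated in the thread. */
static int same_bucket_all_sizes(ulong h1, ulong h2)
{
    static const ulong sizes[] = { 8, 64, 1021, 65536, 1000003 }; /* constructed */
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        if (h1 % sizes[i] != h2 % sizes[i])
            return 0;
    return 1;
}

int main(void)
{
    /* Constructed sample keys of equal length: 'E'*33 + 'z' == 'F'*33 + 'Y'. */
    const char *a = "Ez", *b = "FY";
    printf("fixed seed : %lu %lu\n", hash_fixed_seed(a), hash_fixed_seed(b));
    printf("len seed   : %lu %lu\n", hash_len_seed(a), hash_len_seed(b));
    printf("same bucket for all sizes: %d\n",
           same_bucket_all_sizes(hash_fixed_seed(a), hash_fixed_seed(b)));
    return 0;
}
```

Because the two keys have the same length, the length-dependent seed is identical for both, so the full hash values stay equal and no choice of table size separates them.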