http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55815

             Bug #: 55815
           Summary: switch hash function of libstdc++ hash tables to siphash
    Classification: Unclassified
           Product: gcc
           Version: unknown
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: libstdc++
        AssignedTo: unassig...@gcc.gnu.org
        ReportedBy: felix-...@fefe.de

Hash functions traditionally used by language runtimes for hash tables do not
assume that input values will be chosen maliciously to cause collisions and
degrade performance.  This has become a published attack vector on internet
facing hash tables as used in, for example, web services or even memory cache
code in front of a database or so.

libsupc++ implements the Murmur hash, which was specifically targeted in a
recent paper attacking hash functions.  See https://131002.net/siphash/ for the
attack code that produces collisions in Murmur2 and Murmur3.

libsupc++ should switch the hash function to siphash, the function proposed by
the authors of this attack.

The same bug should be filed against other user facing hash table
implementations in gcc.  I can think of Java and Go, but there might be others.

It may even make sense to replace the hash code gcc itself uses, as there are
now web pages where you can paste code and see which code gcc generates for it,
turning this problem into a security issue if someone pastes code with
colliding symbols to exploit this problem.
