From: nobu@... Date: 2016-12-05T13:04:53+00:00 Subject: [ruby-core:78496] [Ruby trunk Bug#13002] Hash calculations no longer using universal hashing Issue #13002 has been updated by Nobuyoshi Nakada. In Bug #9381, it claims that st searches/inserts only on hash values and equalities. Switching hash functions hiddenly from ruby space can't be compatible with Bug #9381. The candidates would be: 1. revert hash switching, 2. revert Bug #9381, 3. add a way to switch `#hash` methods, 4. or something else. ---------------------------------------- Bug #13002: Hash calculations no longer using universal hashing https://bugs.ruby-lang.org/issues/13002#change-61875 * Author: Martin D��rst * Status: Open * Priority: Normal * Assignee: * ruby -v: * Backport: 2.1: DONTNEED, 2.2: DONTNEED, 2.3: DONTNEED ---------------------------------------- When preparing for my lecture on hash tables last week, I found that Ruby trunk doesn't do universal hashing anymore. See http://events.ccc.de/congress/2011/Fahrplan/attachments/2007_28C3_Effective_DoS_on_web_application_platforms.pdf for background. I contacted security@ruby-lang.org, but was told by Shugo that because trunk is not a published version, we can talk about it publicly. Shugo also said that the change was introduced in r56650. Following is some output from two different versions of Ruby that show the problem: On Ruby 2.2.3, different hash value for the same number every time Ruby is restarted: C:\Users\duerst>ruby -v ruby 2.2.3p173 (2015-08-18 revision 51636) [i386-mingw32] C:\Users\duerst>ruby -e 'puts 12345678.hash' 611647260 C:\Users\duerst>ruby -e 'puts 12345678.hash' -844752827 C:\Users\duerst>ruby -e 'puts 12345678.hash' 387106497 On Ruby trunk, always the same value: duerst@Arnisee /cygdrive/c/Data/ruby $ ruby -v ruby 2.4.0dev (2016-12-02 trunk 56965) [x86_64-cygwin] duerst@Arnisee /cygdrive/c/Data/ruby $ ruby -e 'puts 12345678.hash' 1846311797112760547 duerst@Arnisee /cygdrive/c/Data/ruby $ ruby -e 'puts 12345678.hash' 1846311797112760547 duerst@Arnisee /cygdrive/c/Data/ruby $ ruby -e 'puts 12345678.hash' 1846311797112760547 ---Files-------------------------------- switching_hash_removal.patch (9.21 KB) -- https://bugs.ruby-lang.org/ Unsubscribe: