Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Make the algorithm more DOS resistant? #77

Closed
vlovich opened this issue May 28, 2024 · 2 comments · May be fixed by #88
Closed

Make the algorithm more DOS resistant? #77

vlovich opened this issue May 28, 2024 · 2 comments · May be fixed by #88
Labels
security 🔒

Comments

@vlovich
Copy link

vlovich commented May 28, 2024

Based on https://news.ycombinator.com/item?id=40344581, it sounds like a fixed point attack might be part of a DOS exploit chain. It wouldn't be a backwards compatible change (i.e. would need to bump the major version), but could the compression function incorporate the seed? Hopefully this has no impact on performance.
@ogxd
Copy link
Owner

ogxd commented May 28, 2024
edited
Loading

Hello @vlovich
I guess we'd have to try in order to know whether it's possible to exploit the current compression to make a fixed-point attack. On my end I don't have a lot of experience in this but this is something I want to try. If this is no longer a theory but something easily doable in practice we can indeed address it and bump the major version.

@ogxd ogxd linked a pull request Jun 12, 2024 that will close this issue
Improve DOS resistance #88
Draft
@ogxd
Copy link
Owner

ogxd commented Nov 5, 2024

Duplicate of #83. Keeping the issue 83 as it is more in-depth

@ogxd ogxd closed this as completed Nov 5, 2024
@ogxd ogxd closed this as not planned Won't fix, can't repro, duplicate, stale Nov 6, 2024
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
security 🔒
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Improve DOS resistance ogxd/gxhash
2 participants
@vlovich @ogxd