Re^15: Hash order randomization is coming, are you ready?
by demerphq (Chancellor) on Dec 04, 2012 at 10:01 UTC
With respect, that is garbage
With respect, I think you are underinformed. See SipHash and the documented attacks on various hash functions. A strong hash does not allow one to predict the hash value of a given string even if one knows the hash value of any other string, assuming one does not know the seed.
. If the "attacker" has sufficient access to be able to determine the per-process seeding
Exposing key order provides an attacker information that can be used to eventually deduce the seed. Randomizing per hash means that this information is useless. We know that much code exposes key order without realizing it.
Would copy/pasting taking so much time and effort?
Would *reading* what has been written be so much time and effort? I don't mind explaining if you genuinely do not understand what has been said, but the impression I have is that you are unwilling to read what has already been written and would prefer to interrogate me about the same points while being offensive in the process. E.g., using big bold to repeat things I already said, ignoring what has been said (such as "per process randomization") and accusing me of talking garbage.
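
The point in the post above about key order and per-hash randomization, as an added example that is not part of the original post and is not Perl's implementation. It assumes a simplified model: BLAKE2b stands in for the seeded hash function, per-hash randomization is modelled as a random XOR mask on the bucket traversal order, and all names, keys and the seed are constructed for illustration.

```python
# Added illustration: a simplified model, not Perl's real hash implementation.
import hashlib
import random

NBUCKETS = 8  # constructed toy table size (power of two so XOR masks stay in range)


def bucket_of(key: str, seed: bytes) -> int:
    """Seeded hash -> bucket index. BLAKE2b stands in for the keyed hash function."""
    digest = hashlib.blake2b(key.encode(), digest_size=8, key=seed).digest()
    return int.from_bytes(digest, "big") % NBUCKETS


def key_order(keys, seed: bytes, mask: int = 0):
    """Order in which iterating the table would return its keys.

    Buckets are visited as (i XOR mask): mask=0 models per-process seeding
    only, a random mask per table models per-hash randomization (assumption).
    """
    buckets = [[] for _ in range(NBUCKETS)]
    for k in keys:
        buckets[bucket_of(k, seed)].append(k)
    return tuple(k for i in range(NBUCKETS) for k in buckets[i ^ mask])


def distinct_orders(keys, seed: bytes, tables: int, per_hash: bool, rng):
    """Build `tables` hashes holding the same keys; return the set of orders seen."""
    seen = set()
    for _ in range(tables):
        mask = rng.randrange(NBUCKETS) if per_hash else 0
        seen.add(key_order(keys, seed, mask))
    return seen


if __name__ == "__main__":
    keys = [f"key{i}" for i in range(16)]  # constructed sample keys
    seed = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed seed
    rng = random.Random(2012)  # fixed so the run is repeatable
    fixed = distinct_orders(keys, seed, 50, per_hash=False, rng=rng)
    varied = distinct_orders(keys, seed, 50, per_hash=True, rng=rng)
    # A single order means every exposed key list is a function of the seed alone.
    print("per-process seed only:", len(fixed), "distinct order(s)")
    print("with per-hash mask:   ", len(varied), "distinct order(s)")
```

With only a per-process seed, every hash holding the same keys exposes the same order, so each exposure describes the seed. With a per-hash mask, the order differs from one hash to the next under the same seed.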