[QTBUG-23529] [Security] qHash(): consider using random hash functions to prevent collision attacks - Qt Bug Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: P1: Critical
Resolution: Done
Affects Version/s: 4.8.0
Fix Version/s: 5.0.0 Beta 1, 5.0.0
Component/s: Core: QString and Unicode
Labels:
None

Commits:
c01eaa438200edc9a3bbcd8ae1e8ded058bea268

Description

This is more a problem on the server side, but still we should be aware of this. It looks like one could create collisions with our qHash(QString) which would eat up CPU, see http://events.ccc.de/congress/2011/Fahrplan/events/4680.en.html

Attachments

Issue Links

is required for

QTBUG-25005 Critical issues for Qt5 Beta 1

Closed

Options
- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

Gerrit Reviews

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Activity

People

Assignee:: Unassigned

Reporter:: Peter Hartmann (closed Nokia identity) (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 09 Jan '12 10:25

Updated:: 16 Apr '12 10:36

Resolved:: 16 Apr '12 10:36

Gerrit Reviews

There are no open Gerrit changes

Show There are 3 closed Gerrit changes

Hide There are 3 closed Gerrit changes

QHash security fix (1/2): add global QHash seed: Gerrit Review:

QHash security fix (1.5/2): qHash two arguments overload support: Gerrit Review:

QHash security fix (2/2): enable QHash random seed: Gerrit Review: