Schadcode that demonstrates a revisited hash-flooding DoS attack (cf. https://www.131002.net/siphash/).
Ruby Java JavaScript Other
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
jdk/collider
presentation
ruby
.gitignore
LICENSE
README.md

README.md

Schadcode - Schadenfreude for Hash Functions

Here you may find proofs of concept illustrating how the techniques developed at https://www.131002.net/siphash/ could have been realized in practice. The code presented here breaks MurmurHash 2 and 3 in real-life situations, serving as a scary example for how relatively easily countermeasures installed after the presentation of the original "hashDoS" vulnerability by Klink and Waelde at 28C3 can be circumvented, ultimately leading to valid DoS attacks on software being frequently used today. Find out more about the details here.

Purpose

The intention is to raise the level of awareness and to demonstrate that the threat is clear and present, one with possibly severe consequences.

Disclaimer

Do not use any of the material presented here to cause harm. I will find out where you live, I will surprise you in your sleep and I will tickle you so hard that you will promise to behave until the end of your days.

License

Copyright (c) 2012 Martin Boßlet. Distributed under the MIT License. See LICENSE for further details.