[FP] `Hash timing attack` for non-cryptographic hashes
jdreesen opened this issue · comments
Jacob Dreesen commented
Subject | Details |
---|---|
Plugin | Php Inspections (EA Ultimate) 2023.1 |
Language level | PHP 8.1 |
Current behaviour
EA reports a possible hash timing attack for hash algorithms that are not designed for cryptographic purposes (like xxHash
):
Expected behaviour
Do timing attacks for non-cryptographic hashes really matter? I'd expect it to not report this error.
Environment details
PhpStorm 2023.1.3
Build #PS-231.9161.47, built on June 22, 2023
Runtime version: 17.0.7+10-b829.16 amd64
VM: OpenJDK 64-Bit Server VM by JetBrains s.r.o.
Linux 5.4.0-153-generic
GC: G1 Young Generation, G1 Old Generation
Memory: 6144M
Cores: 8
Current Desktop: ubuntu:GNOME