Giters

RWentworth / schadcode

Schadcode that demonstrates a revisited hash-flooding DoS attack (cf. https://www.131002.net/siphash/).

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Schadcode - Schadenfreude for Hash Functions

Here you may find proofs of concept illustrating how the techniques developed at https://www.131002.net/siphash/ could have been realized in practice. The code presented here breaks MurmurHash 2 and 3 in real-life situations, serving as a scary example for how relatively easily countermeasures installed after the presentation of the original "hashDoS" vulnerability by Klink and Waelde at 28C3 can be circumvented, ultimately leading to valid DoS attacks on software being frequently used today. Find out more about the details here.

Purpose

The intention is to raise the level of awareness and to demonstrate that the threat is clear and present, one with possibly severe consequences.

Disclaimer

Do not use any of the material presented here to cause harm. I will find out where you live, I will surprise you in your sleep and I will tickle you so hard that you will promise to behave until the end of your days.

License

Copyright (c) 2012 Martin Boßlet. Distributed under the MIT License. See LICENSE for further details.

About

Schadcode that demonstrates a revisited hash-flooding DoS attack (cf. https://www.131002.net/siphash/).

License:MIT License

Languages

Language:Ruby 69.8%Language:Java 18.5%Language:HTML 6.7%Language:CSS 2.0%Language:JavaScript 1.8%Language:CoffeeScript 0.6%Language:Shell 0.6%