Giuseppe D'Angelo 33984e72ab QHash security fix (1/2): add global QHash seed ... Algorithmic complexity attacks against hash tables have been known since 2003 (cf. [1, 2]), and they have been left unpatched for years until the 2011 attacks [3] against many libraries / (reference) implementations of programming languages. This patch adds a global integer, to be used as a seed for the hash function itself. The seed is randomly initialized the first time a QHash detaches from shared_null. Right now the seed is not used at all -- another patch will modify qHash to make use of it. [1] http://www.cs.rice.edu/~scrosby/hash/CrosbyWallach_UsenixSec2003.pdf [2] http://perldoc.perl.org/perlsec.html#Algorithmic-Complexity-Attacks [3] http://www.ocert.org/advisories/ocert-2011-003.html Task-number: QTBUG-23529 Change-Id: I7519e4c02b9c2794d1c14079b01330eb356e9c65 Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>		2012-04-03 19:12:13 +02:00
..
configure	QHash security fix (1/2): add global QHash seed	2012-04-03 19:12:13 +02:00
shared/windows	Remove "All rights reserved" line from license headers.	2012-01-30 03:54:59 +01:00