<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Issue 2291: std::hash is vulnerable to collision DoS attack</title>
<meta property="og:title" content="Issue 2291: std::hash is vulnerable to collision DoS attack">
<meta property="og:description" content="C++ library issue. Status: C++14">
<meta property="og:url" content="https://cplusplus.github.io/LWG/issue2291.html">
<meta property="og:type" content="website">
<meta property="og:image" content="http://cplusplus.github.io/LWG/images/cpp_logo.png">
<meta property="og:image:alt" content="C++ logo">
<style>
  p {text-align:justify}
  li {text-align:justify}
  pre code.backtick::before { content: "`" }
  pre code.backtick::after { content: "`" }
  blockquote.note
  {
    background-color:#E0E0E0;
    padding-left: 15px;
    padding-right: 15px;
    padding-top: 1px;
    padding-bottom: 1px;
  }
  ins {background-color:#A0FFA0}
  del {background-color:#FFA0A0}
  table.issues-index { border: 1px solid; border-collapse: collapse; }
  table.issues-index th { text-align: center; padding: 4px; border: 1px solid; }
  table.issues-index td { padding: 4px; border: 1px solid; }
  table.issues-index td:nth-child(1) { text-align: right; }
  table.issues-index td:nth-child(2) { text-align: left; }
  table.issues-index td:nth-child(3) { text-align: left; }
  table.issues-index td:nth-child(4) { text-align: left; }
  table.issues-index td:nth-child(5) { text-align: center; }
  table.issues-index td:nth-child(6) { text-align: center; }
  table.issues-index td:nth-child(7) { text-align: left; }
  table.issues-index td:nth-child(5) span.no-pr { color: red; }
  @media (prefers-color-scheme: dark) {
     html {
        color: #ddd;
        background-color: black;
     }
     ins {
        background-color: #225522
     }
     del {
        background-color: #662222
     }
     a {
        color: #6af
     }
     a:visited {
        color: #6af
     }
     blockquote.note
     {
        background-color: rgba(255, 255, 255, .10)
     }
  }
</style>
</head>
<body>
<hr>
<p><em>This page is a snapshot from the LWG issues list, see the <a href="lwg-active.html">Library Active Issues List</a> for more information and the meaning of <a href="lwg-active.html#C++14">C++14</a> status.</em></p>
<h3 id="2291"><a href="lwg-defects.html#2291">2291</a>. <code>std::hash</code> is vulnerable to collision DoS attack</h3>
<p><b>Section:</b> 16.4.4.5 <a href="https://wg21.link/hash.requirements">[hash.requirements]</a> <b>Status:</b> <a href="lwg-active.html#C++14">C++14</a>
 <b>Submitter:</b> Zhihao Yuan <b>Opened:</b> 2013-09-02 <b>Last modified:</b> 2016-01-28</p>
<p><b>Priority: </b>Not Prioritized
</p>
<p><b>View all other</b> <a href="lwg-index.html#hash.requirements">issues</a> in [hash.requirements].</p>
<p><b>View all issues with</b> <a href="lwg-status.html#C++14">C++14</a> status.</p>
<p><b>Discussion:</b></p>
<p>
For a non-cryptographic hash function, it's possible to pre-calculate massive inputs with 
the same hashed value to algorithmically slow down the unordered containers, and results 
in a denial-of-service attack. Many languages with built-in hash table support have fixed
this issue. For example, Perl has universal hashing, Python 3 uses salted hashes.
<p/>
However, for C++, in 16.4.4.5 <a href="https://wg21.link/hash.requirements">[hash.requirements]</a> p2, Table 26:
</p>

<blockquote><p>
The value returned shall depend only on the argument <code>k</code>.
[<i>Note:</i> Thus all evaluations of the expression <code>h(k)</code> with the
same value for <code>k</code> yield the same result. &mdash; <i>end note</i>]
</p></blockquote>

<p>
The wording is not clear here: does that mean all the standard
library implementations must use the same hash function for a same
type?  Or it is not allowed for an implementation to change its hash
function?
<p/>
I suggest to explicitly allow the salted hash functions.
</p>

<p><i>[2013-09 Chicago]</i></p>

<p>
Moved to Ready.
</p>

<p>
There is some concern that the issue of better hashing, especially standardizing any kind of
secure hashing, is a feature that deserves attention in LEWG
</p>

<p>
The proposed resolution is much simpler than the larger issue though, merely clarifying a
permission that many implementers believe they already have, without mandating a change to
more straight forward implementations.
</p>

<p>
Move to Ready, rather than Immediate, as even the permission has been contentious in reflector
discussion, although the consensus in Chicago is to accept as written unless we hear a further
strong objection.
</p>



<p id="res-2291"><b>Proposed resolution:</b></p>
<p>This wording is relative to N3691.</p>

<ol>
<li><p>Edit 16.4.4.5 <a href="https://wg21.link/hash.requirements">[hash.requirements]</a> p2, Table 26, as indicated: <em>[Editorial note:
We can consider adding some additional guideline here. Unlike 
<a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2012/n3333.html">N3333</a>, this 
proposed change makes the hashing per-execution instead of per-process. The standard does not 
discuss OS processes. And, practically, a per-process hashing makes a program unable to
share an unordered container to a child process. &mdash; end note ]</em></p>

<blockquote>
<table border="1">
<caption>Table 26 &mdash; Hash requirements [hash]</caption>
<tr>
<th>Expression</th>
<th>Return type</th>
<th>Requirement</th>
</tr>

<tr>
<td>
<code>h(k)</code>
</td>
<td>
<code>size_t</code>
</td>
<td>
The value returned shall depend only on the argument <code>k</code><br/>
<ins>for the duration of the program</ins>.<br/>
[<i>Note:</i> Thus all evaluations of the expression <code>h(k)</code> with the<br/>
same value for <code>k</code> yield the same result <ins>for a given<br/>
execution of the program</ins>. &mdash; <i>end note</i>]<br/>
</td>
</tr>

<tr>
<td colspan="3" align="center">
<code>&hellip;</code>
</td>
</tr>

</table>
</blockquote>
</li>
</ol>





</body>
</html>
