@_emboss_ I don't know offhand what they used. It's string.c I should be looking at, right? Looks like the same as upstream 1.8
@bascule Yes, rb_str_hash. Is it the same as this: https://github.com/ruby/ruby/blob/ruby_1_8_7/string.c#L880-915 … ?
@_emboss_ confirm. So it's basically vulnerable with no known exploit? (until you write one? ;)
@bascule Something like that hehe. Then, 32 bit hashes aren't evoking too much confidence anyway.
@_emboss_ maybe I'll try to write my own hash collider ;)
@nahi @_emboss_ if I actually pull it off I'll be pinging the @livingsocial security team first but you'll be second ;)
@bascule Wanna be your first! :) @_emboss_ @LivingSocial