Hash-flooding DoS reloaded: attacks and defenses by Jean-Philippe Aumasson

A session at Application Security Forum - Western Switzerland

Thursday 8th November, 2012

10:20am to 11:10am (CET)

At 28c3, Klink and Waelde demonstrated that a number of technologies (PHP, .NET, Ruby, Java, etc.) remained vulnerable to the decade-old hash-flooding DoS attacks. These attacks work by forcing worst-case insert time in hash tables by sending many inputs hashing to the same value (a “multicollision”). Many vendors fixed the issue by replacing the weak deterministic hash function with stronger and randomized hash functions. In this presentation, we will show examples of such stronger randomized hash functions that fail to protect against hash-flooding, by presenting “universal multicollision” attacks based on differential cryptanalysis techniques. We will present demos showing how to exploit these attacks to DoS a Ruby on Rails application, as well as the latest Java OpenJDK, two technologies that chose to “fix” hash-flooding by using the MurmurHash hash functions. Finally, we will describe a reliable fix to hash-flooding with the SipHash family of pseudorandom functions: SipHash provides adequate cryptographic strength to mitigate hash-flooding, yet is competitive in performance with the non-cryptographic hashes.
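The mechanism in the abstract, as an added example that is not from the talk or its speakers: a chained hash table's insert cost is measured for the same constructed multicollision under a deterministic hash and under a keyed one. All names are hypothetical, keyed BLAKE2b stands in for SipHash (which `hashlib` does not provide), and the talk's attacks on MurmurHash are not reproduced.

```python
import hashlib
import itertools
import os

def det31(s: str) -> int:
    """Deterministic multiply-by-31 string hash: unkeyed, so collisions are public."""
    h = 0
    for ch in s:
        h = (31 * h + ord(ch)) & 0xFFFFFFFF
    return h

def make_keyed(key: bytes):
    """Keyed 64-bit hash. Assumption: keyed BLAKE2b stands in for SipHash here."""
    def keyed(s: str) -> int:
        d = hashlib.blake2b(s.encode(), key=key, digest_size=8).digest()
        return int.from_bytes(d, "little")
    return keyed

def colliding_keys(blocks: int) -> list:
    """Constructed sample input: "Aa" and "BB" hash equally under det31,
    so all 2**blocks concatenations of them share one hash value."""
    return ["".join(p) for p in itertools.product(("Aa", "BB"), repeat=blocks)]

def insert_cost(keys, hash_fn, nbuckets=1024):
    """Insert keys into a chained table; return (longest chain, key comparisons)."""
    buckets = [[] for _ in range(nbuckets)]
    comparisons = 0
    for k in keys:
        chain = buckets[hash_fn(k) % nbuckets]
        for existing in chain:
            comparisons += 1
            if existing == k:
                break
        else:
            chain.append(k)
    return max(len(c) for c in buckets), comparisons

if __name__ == "__main__":
    keys = colliding_keys(9)  # 512 distinct keys
    print("deterministic:", insert_cost(keys, det31))
    print("keyed:        ", insert_cost(keys, make_keyed(os.urandom(16))))
```

The comparison count is the number to watch: under the deterministic hash it grows quadratically with the number of keys, while under the secret-keyed hash the sender cannot predict which keys share a bucket.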

About the speakers

JP Aumasson

cryptosecurity — https://131002.net/siphash https://blake2.net https://cryptocoding.net https://password-hashing.net https://norx.io (bio from Twitter)

Martin Boßlet

Passionate about cryptography, Ruby, security, programming in general. Committer to CRuby, mostly helping maintain the OpenSSL extension. (bio from Twitter)
