QHash security fix (2/2): enable QHash random seed
Algorithmic complexity attacks against hash tables have been known
since 2003 (cf. [1, 2]), and they have been left unpatched for years
until the 2011 attacks [3] against many libraries /
(reference) implementations of programming languages.
This patch makes qHash use the QHash seed introduced in the
previous commits, thus truly randomizing bucketing in QHash.
[1] http://www.cs.rice.edu/~scrosby/hash/CrosbyWallach_UsenixSec2003.pdf
[2] http://perldoc.perl.org/perlsec.html#Algorithmic-Complexity-Attacks
[3] http://www.ocert.org/advisories/ocert-2011-003.html
Task-number: QTBUG-23529
Change-Id: Ibee9cf6aa820af5d777fcde478647665c728052a
Reviewed-by: Jason McDonald <jason.mcdonald@nokia.com>
projects / profile / ivi / qtbase.git / commit