HashWick V8 Vulnerability
In Summary : The Hash Seed is a random number that is used as an initial value for the (non-cryptographic) hash functions inside of V8 ins...
https://updatesinfosec.blogspot.com/2018/09/hashwick-v8-vulnerability.html
In Summary :
The Hash Seed is a random number that is used as an initial value for the (non-cryptographic) hash functions inside of V8 instances. Such numbers are used not only in V8 or other VMs, they're used in kernels, databases, and many different kinds of software.
The reason to have seeded hash functions is to prevent collision attacks on hash maps (e.g. JavaScript objects/dictionaries). In ideal scenario, use of random seed should make guessing the hash value of a string/number an impossible endeavor.
Whenever a Node.js instance parses HTTP headers or JSON object, V8 has to create a hash map for it. Each hash map is backed by a list (storage) of length
In ideal scenario the indices for two different keys are always different. It is easy to see that it isn't possible due to the limited list size. The more key/value pairs we insert into the object, the more likely the "collision" to happen. When the hash values are the same, but the keys are different, V8 has to place the key in the next cell... or in the cell after the next, if the next is filled already. [...]
kindly refer the following link as follow up :
https://ift.tt/2ByBdPA
The Hash Seed is a random number that is used as an initial value for the (non-cryptographic) hash functions inside of V8 instances. Such numbers are used not only in V8 or other VMs, they're used in kernels, databases, and many different kinds of software.
The reason to have seeded hash functions is to prevent collision attacks on hash maps (e.g. JavaScript objects/dictionaries). In ideal scenario, use of random seed should make guessing the hash value of a string/number an impossible endeavor.
Whenever a Node.js instance parses HTTP headers or JSON object, V8 has to create a hash map for it. Each hash map is backed by a list (storage) of length
2 * N. The keys are inserted at even positions, the values are inserted at odd
(right after the key). The position index is determined by the hash of the key
modulo the storage size. Two equal keys will have two equal hashes, and will
point to the same cell in the list.In ideal scenario the indices for two different keys are always different. It is easy to see that it isn't possible due to the limited list size. The more key/value pairs we insert into the object, the more likely the "collision" to happen. When the hash values are the same, but the keys are different, V8 has to place the key in the next cell... or in the cell after the next, if the next is filled already. [...]
kindly refer the following link as follow up :
https://ift.tt/2ByBdPA
