Is Go susceptible to hash floods?

So I was watching this informative video that pointed out that several prominent languages were vulnerable to hash floods (although it's fixed now). I would like to know the status of the same for Go on this one. I am asking because I am not aware of the internal workings, so this may even be a *Not Applicable* kinda question!!

Here is more on hash flood

2 Likes

From what I can gather from @iant: […] the Go runtime is somewhat resistant to this kind of attack because every map uses an individual hash seed that is chosen randomly at run time.

Seems like a brilliant approach to this problem. If someone can access raw memory on your server and get the seed, you have much bigger problems than a hash flood. :wink:

1 Like

Yes. I think that Go maps are only vulnerable to hash floods if the map lives across many requests and if the attacker can get precise timing information for map insertions. This is difficult to do over a network, but is slightly more feasible if you are running on the same machine. If you can get that timing information, then in principle you can use a series of targeted map insertions to discover the random seed, and then use that to flood the map.

In practice I wouldn’t worry about it.

4 Likes
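The per-map random seed discussed in the replies above, as an added example (not code from this thread or from the Go runtime): it uses the standard library's `hash/maphash` on a toy 256-bucket table to show that keys precomputed to collide under one seed spread out under a fresh seed. The bucket count, key format and function names are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"hash/maphash"
)

const nBuckets = 256 // toy table size (assumption for this example)

// bucketOf maps key to a bucket of a toy hash table keyed by seed.
func bucketOf(seed maphash.Seed, key string) uint64 {
	var h maphash.Hash
	h.SetSeed(seed)
	h.WriteString(key)
	return h.Sum64() % nBuckets
}

// collidingKeys searches constructed keys ("key-0", "key-1", ...) for n that
// all land in bucket 0 under seed: possible only when the seed is known.
func collidingKeys(seed maphash.Seed, n int) []string {
	keys := make([]string, 0, n)
	for i := 0; len(keys) < n; i++ {
		if k := fmt.Sprintf("key-%d", i); bucketOf(seed, k) == 0 {
			keys = append(keys, k)
		}
	}
	return keys
}

// maxLoad returns the size of the fullest bucket after inserting keys.
func maxLoad(seed maphash.Seed, keys []string) int {
	var counts [nBuckets]int
	worst := 0
	for _, k := range keys {
		b := bucketOf(seed, k)
		if counts[b]++; counts[b] > worst {
			worst = counts[b]
		}
	}
	return worst
}

// demo builds n colliding keys for one seed and measures them under both.
func demo(n int) (knownLoad, freshLoad int) {
	known, fresh := maphash.MakeSeed(), maphash.MakeSeed()
	keys := collidingKeys(known, n)
	return maxLoad(known, keys), maxLoad(fresh, keys)
}

func main() { fmt.Println(demo(64)) }
```

The first number is always 64 (every key in one bucket); the second varies per run but stays small, because the precomputed collisions do not carry over to a seed the key generator never saw.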
