Support configuring default salt #218
Comments
This is SO hacky that we shouldn't even merge the PR, just have people use the open PR if necessary. IMO |
|
✨ This is an old work account. Please reference @brandonchinn178 for all future communication ✨ I disagree that it's "SO" hacky. Using environment variables to configure upstream behavior is not uncommon ( |
|
Apparently, this works: It doesn't give the ability for configuring it, but I think you don't want to configure it anyway, just let it be random on boot. |
|
@jappeace yes that's a (very short-term) workaround. |
|
✨ This is an old work account. Please reference @brandonchinn178 for all future communication ✨
Yes, I mentioned that in the beginning
But in some situations, you don't want it to be random on boot, such as when you need deterministic tests. |
Blog post: https://cs-syd.eu/posts/2021-09-11-json-vulnerability
The biggest problem exposed by this blog post is that any third-party code using
hash(using the default salt) that has problems with hash collisions can have malicious input constructed beforehand. The-frandom-init-seedflag helps with this at the cost of a different seed every start up.One quick fix that can help mitigate this is to allow reading an environment variable like
HASHABLE_DEFAULT_SALTwithunsafePerformIOthat one can set differently for their application. This has the advantage that my application can hash things with a different salt than the default, publicly available one, so an attacker attacking my application can't reuse malicious values from attacking another application. It would also be difficult to construct malicious input if my application's default salt isn't shared, and my application doesn't easily expose the default salt in any way.Related:
The text was updated successfully, but these errors were encountered: