Skip to content
This repository was archived by the owner on Dec 29, 2022. It is now read-only.
This repository was archived by the owner on Dec 29, 2022. It is now read-only.

key hash collisions are not handled the same across implementations #108

Closed
Closed
key hash collisions are not handled the same across implementations#108
Labels
Implementation-CppImplementation-JavaImplementation-PythonPriority-MediumType-Patchauto-migrated
@GoogleCodeExporter

Description

@GoogleCodeExporter
GoogleCodeExporter
opened on Mar 7, 2015
key hash collisions are not handled the same across implementations

Python version regenerates a random key to avoid collisions in a keyset,
but if loading a keyset that did have a collision would just overwrite
http://code.google.com/p/keyczar/source/browse/python/src/keyczar/keyczar.py#192
http://code.google.com/p/keyczar/source/browse/python/src/keyczar/keyczar.py#69

C++ version also regenerates a random key to avoid collisions, and
fails to add additional keys that collide on read
http://code.google.com/p/keyczar/source/browse/cpp/src/keyczar/keyset.cc#171
http://code.google.com/p/keyczar/source/browse/cpp/src/keyczar/keyset.cc#138

java version does not guard against generating collisions, and
overwrites the existing key in hashmap
http://code.google.com/p/keyczar/source/browse/java/code/src/org/keyczar/Keyczar
.java#131
http://code.google.com/p/keyczar/source/browse/java/code/src/org/keyczar/Keyczar
.java#102


Each version should handle should handle keys with collisions consistently with 
other versions so that a keyset with collisions would have the same behavior 
when used by any versions. 

I also think that since each version also has the feature to import keys, which 
in a collision case could only stop importing in a non end user useful way, 
that they should handle key collisions as acceptable, I have this implemented 
in the C# version. In which the get a key from a hash returns a list of any key 
that matches the hash and that list is looped through during 
decryption/verification until authentication/verification is successful similar 
to how an UnversionedVerifier works in other implementations but over a subset 
of keys rather than the whole keyset.

http://code.google.com/r/jtuley-dotnet/source/browse/dotnet/Keyczar/Keyczar/Keyc
zar.cs#156
http://code.google.com/r/jtuley-dotnet/source/browse/dotnet/Keyczar/Keyczar/Cryp
ter.cs#95
http://code.google.com/r/jtuley-dotnet/source/browse/dotnet/Keyczar/Keyczar/Veri
fier.cs#146

Original issue reported on code.google.com by j...@tuley.name on 22 Oct 2012 at 4:11

Metadata

Metadata

Assignees

No one assigned

    Labels

    Implementation-CppImplementation-JavaImplementation-PythonPriority-MediumType-Patchauto-migrated

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions