-rw-r--r-- | lib/Hash/Util.pm | 6 | ||||
-rw-r--r-- | pod/perlrun.pod | 20 |
2 files changed, 20 insertions, 6 deletions
diff --git a/lib/Hash/Util.pm b/lib/Hash/Util.pm index 8e8c95265c..c5d30592ff 100644 --- a/lib/Hash/Util.pm +++ b/lib/Hash/Util.pm @@ -187,6 +187,12 @@ hash_seed() returns the seed number used to randomise hash ordering. Zero means the "traditional" random hash ordering, non-zero means the new even more random hash ordering introduced in Perl 5.8.1. +B<Note that the hash seed is sensitive information>: by knowing it one +can craft a denial-of-service attack against Perl code, even remotely, +see L<perlsec/"Algorithmic Complexity Attacks"> for more information. +B<Do not disclose the hash seed> to people who don't need to know it. +See also L<perlrun/PERL_HASH_SEED_DEBUG>. + =cut sub hash_seed () { diff --git a/pod/perlrun.pod b/pod/perlrun.pod index 7f32e94c1b..81d47495b7 100644 --- a/pod/perlrun.pod +++ b/pod/perlrun.pod 
@@ -1139,16 +1139,24 @@ the pseudorandom seed supplied by the operating system and libraries. This means that each different run of Perl will have a different ordering of the results of keys(), values(), and each(). -See L<perlsec/"Algorithmic Complexity Attacks"> for more information, -and also L</PERL_HASH_SEED_DEBUG>. +B<Please note that the hash seed is sensitive information>. Hashes are +randomized to protect against local and remote attacks against Perl +code. By manually setting a seed this protection may be partially or +completely lost. + +See L<perlsec/"Algorithmic Complexity Attacks"> and +L</PERL_HASH_SEED_DEBUG> for more information. =item PERL_HASH_SEED_DEBUG (Since Perl 5.8.1.) Set to one to display (to STDERR) the value of -the hash seed at the beginning of execution. B<Note that the hash -seed is sensitive information>: by knowing it one can craft a -denial-of-service attack against Perl code, even remotely, see -L<perlsec/"Algorithmic Complexity Attacks"> for more information. +the hash seed at the beginning of execution. This, combined with +L</PERL_HASH_SEED> is intended to aid in debugging nondeterministic +behavior caused by hash randomization. + +B<Note that the hash seed is sensitive information>: by knowing it one +can craft a denial-of-service attack against Perl code, even remotely, +see L<perlsec/"Algorithmic Complexity Attacks"> for more information. B<Do not disclose the hash seed> to people who don't need to know it. See also hash_seed() of L<Hash::Util>. |
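Review bot: In the lib/Hash/Util.pm hunk, the new "See also" line points only at L<perlrun/PERL_HASH_SEED_DEBUG>, yet the entry that explains how the seed is set, and what is lost by fixing it, is PERL_HASH_SEED. Suggest linking both, for example "See also L<perlrun/PERL_HASH_SEED> and L<perlrun/PERL_HASH_SEED_DEBUG>". The warning would also be more useful to callers of hash_seed() if it said that the return value should not be printed, logged or returned to untrusted parties, since this function is the programmatic way to obtain the seed. Style point: "even remotely, see L<perlsec/...>" is a comma splice. Start a new sentence at "See".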
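Review bot: In the pod/perlrun.pod hunk, the PERL_HASH_SEED paragraph says "this protection may be partially or completely lost" without telling the reader when a manual seed is appropriate. Suggest stating, as the PERL_HASH_SEED_DEBUG entry now does, that setting the seed is a debugging aid for reproducing nondeterministic behavior and should not be left in place for code exposed to untrusted input. Under PERL_HASH_SEED_DEBUG, the seed is written to STDERR, so it is worth adding that STDERR is often captured into logs and that the variable should not be set where those logs are readable by people who do not need the seed. Minor: "This, combined with L</PERL_HASH_SEED> is intended" needs a comma after the link, and the "even remotely, see" comma splice is carried over from the old text.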