

When the worst case is really, really bad - edw519
http://dobbscodetalk.com/index.php?option=com_myblog&show=When-the-worst-case-is-really-really-bad.html&Itemid=29

======
lorax
The article mentions the possibility of an attacker feeding a hash specially
designed data to cause all the keys to map to the same bucket. Perl
implemented a fix for this attack years ago. If too many keys map to the same
bucket it randomizes the hash seed.

Here's an example of the pathological case:

perl -e '$a{"\0"x$_} = $_ for (1..20); print join("\n", values(%a)), "\n";'

Each time you run it the values come out in a different order because of the
randomization.

This randomization only happens if there are a lot of keys in the same bucket,
change the 1..20 to 1..10 and the values come out in the same order every
time.

(I got the example code from <http://www.perlmonks.org/?node_id=557616> user
demerphq)

