Here you may find proofs of concept illustrating how the techniques developed at https://www.131002.net/siphash/ could have been realized in practice. The code presented here breaks MurmurHash 2 and 3 in real-life situations, serving as a scary example for how relatively easily countermeasures installed after the presentation of the original "hashDoS" vulnerability by Klink and Waelde at 28C3 can be circumvented, ultimately leading to valid DoS attacks on software being frequently used today. Find out more about the details here.
The intention is to raise the level of awareness and to demonstrate that the threat is clear and present, one with possibly severe consequences.
Do not use any of the material presented here to cause harm. I will find out where you live, I will surprise you in your sleep and I will tickle you so hard that you will promise to behave until the end of your days.
Copyright (c) 2012 Martin Boßlet. Distributed under the MIT License. See LICENSE for further details.