Generate input that would cause collisions using Murmur2 64bit hash function

Question

I am stuck on an assignment that consists in finding a vulnerability in std::unordered_set that simply inserts some strings in an unordered_set<string> in a cycle:

for (const auto& user : users_list) {
    users.insert(user);
}

See full source code for details.

File compiled on UBUNTU as follows:

g++ -std=c++14 -O2 -Wall run.cpp -o run

The task is to provide an input that would make this program return a non zero status code.

Any ideas where to look? The hint is that there is something with the default hashing function and the fact that the program is compiled on ubuntu.

Please include a [mcve] in the question – 463035818_is_not_an_ai Sep 30 '19 at 11:20 — 463035818_is_not_an_ai, Sep 30 '19 at 11:20

Botje · Answer 1 · 2019-09-30T11:52:40.647

It sounds like your professor wants you to find and exploit a hash collision attack. You must generate inputs that all hash to the same value, such that the hash table lookup has to strcmp the new value with every value of the set to see if a duplicate exists before inserting.

Your next steps should be to find the hashing algorithm for std::string on your system and reverse it so you can generate these inputs with the same hash value.

Alternatively, just brute force it: generate a few million or billion random strings, std::hash them and store the strings that map to the same hash value.

On libstc++ HEAD, std::hash<string> is defined here. It calls Hash_bytes, which finally calls the hash function is based on MurmurHashUnaligned2 with seed 0xc70f6907UL.

Sounds reasonable. Don't know why somebody downvoted. – magom001 Sep 30 '19 at 12:09 — magom001, Sep 30 '19 at 12:09

Generate input that would cause collisions using Murmur2 64bit hash function

1 Answers1