Security: Prevent DoS from hashmap collisions

[turnidge]

DoS using hashmap collisions
dart/runtime/vm/object.cc
6156 hash_ += ch;
6157 hash_ += hash_ << 10;
6158 hash_ ^= hash_ >> 6;
hash(attacker-supplied data) can be predicted
if hashmap is used on attacker-supplied keys, attacker can cause O(n^2) operations on the hashmap
background: http://www.youtube.com/watch?v=R2Cq3CLI6H8
solution: follow-up with Erik / apply same counter measures as V8

[iposva-google]

Added Security label.

[iposva-google]

One suggestion: We could use a random field per hash map which is used to randomize the hash value before use.

---

Added this to the M1 milestone.

[DartBot]

This comment was originally written by groeber...@google.com

---

Hi, was there any work done on this matter?
Cheers
FElix

[turnidge]

Set owner to @lexprfuncall.

[turnidge]

Removed this from the M1 milestone.
Added this to the M2 milestone.

[iposva-google]

Removed this from the M2 milestone.
Added this to the M3 milestone.

[iposva-google]

Removed the owner.

[iposva-google]

Removed this from the M3 milestone.
Added this to the M4 milestone.

[larsbak]

Removed this from the M4 milestone.
Added this to the M5 milestone.

[iposva-google]

Removed Priority-Medium label.
Added Priority-Unassigned label.

[iposva-google]

Removed this from the M5 milestone.

[kevmoo]

Issue #7 has been merged into this issue.

---

cc @lrhn.

[kevmoo]

Marked this as being blocked by #19399, #19400.