Open vlovich opened 4 months ago
Hello @vlovich I guess we'd have to try in order to know whether it's possible to exploit the current compression to make a fixed-point attack. On my end I don't have a lot of experience in this but this is something I want to try. If this is no longer a theory but something easily doable in practice we can indeed address it and bump the major version.
Based on https://news.ycombinator.com/item?id=40344581, it sounds like a fixed point attack might be part of a DOS exploit chain. It wouldn't be a backwards compatible change (i.e. would need to bump the major version), but could the compression function incorporate the seed? Hopefully this has no impact on performance.