Is Go susceptible to hash floods?

<p>So I watching this <a href="https://www.youtube.com/watch?v=wGYj8fhhUVA">informative video </a> that pointed out that several prominent languages were vulnerable to hash floods (although its fixed now), I would like to know the status of the same for Go on this one. I am asking because I am not aware of the internal working, so this may even be *Not Applicable * kinda question!!</p> <p><a href="https://131002.net/siphash/siphashdos_appsec12_slides.pdf">Here is more on hash flood</a></p> <hr/>**评论：**<br/><br/>dgryski: <pre><p>&#34;Probably not&#34;. The internal hash table has always (pre-1.0) had a per-table seed which is mixed with they key to make it difficult to have off-line attacks against the hash function. The hash rewrite in 1.4 produced a &#34;complicated&#34; hash function which has not been analyzed though.</p> <p>The upcoming 1.6 includes a patch to make it harder to engineer collisions: <a href="https://github.com/golang/go/commit/91059de095703ebc4ce6b8bad7a0a40dedeef7dc">https://github.com/golang/go/commit/91059de095703ebc4ce6b8bad7a0a40dedeef7dc</a></p></pre>Ainar-G: <pre><p>After some googling I&#39;ve found <a href="https://github.com/golang/go/issues/9365">this issue</a> with lots of info on the topic. In particular, Ian Lance Taylor wrote:</p> <blockquote> <p>I am not a crypto expert. But I believe that the Go runtime is somewhat resistant to this kind of attack because every map uses an individual hash seed that is chosen randomly at run time. Since an attacker who is not on the local machine has very limited visibility into map lookup times, I think it would be quite difficult to run such an attack remotely.</p> </blockquote></pre>drvd: <pre><p>No.</p></pre>