[Python-Dev] Hash collision security issue (now public) (original) (raw)

Terry Reedy tjreedy at udel.edu
Thu Dec 29 23:28:22 CET 2011

• Previous message: [Python-Dev] Hash collision security issue (now public)
• Next message: [Python-Dev] Hash collision security issue (now public)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 12/29/2011 4:31 PM, Christian Heimes wrote:

The hash randomization idea adds a salt to throw the attacker of course. Instead of

position = hash& mask it's now hash = salt + hash

As I understood the talk (actually, the bit of Perl interpreter C code shown), the randomization is to change hash(s) to hash(salt+s) so that the salt is completely mixed into the hash from the beginning, rather than just tacked on at the end.

-- Terry Jan Reedy

• Previous message: [Python-Dev] Hash collision security issue (now public)
• Next message: [Python-Dev] Hash collision security issue (now public)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Python-Dev mailing list