[Python-Dev] Hash collision security issue (now public)
Antoine Pitrou solipsis at pitrou.net
Mon Jan 2 13:01:05 CET 2012
On Sun, 1 Jan 2012 21:55:52 -0800 Paul McMillan <paul at mcmillan.ws> wrote:
> This is similar to the change proposed by Christian Heimes. Most importantly, I moved the xor with r[x % lenr] down a line. Before, it wasn't being applied to the last character.

Shouldn't it be r[i % len(r)] instead? (refer to yesterday's #python-dev discussion)

> I think Ruby uses FNV-1 with a salt, making it less vulnerable to this. FNV is otherwise similar to our existing hash function.

Again, we could re-use FNV-1's primes, since they claim they have better dispersion properties than the average prime.
Regards
Antoine.
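
The two indexing choices in the exchange above, as an added illustration that is not code from this thread or from CPython: FNV-1 (64-bit) with a salt table r, xoring in either r[i % len(r)] or r[x % len(r)] after each byte. The function names, the 16-word table size and the reading of x as the running hash value are assumptions.

```python
import secrets

FNV64_OFFSET = 0xCBF29CE484222325  # FNV-1 64-bit offset basis
FNV64_PRIME = 0x100000001B3        # FNV-1 64-bit prime
MASK64 = (1 << 64) - 1


def new_salt(words=16):
    """Random table playing the role of r; the size 16 is an assumption."""
    return [secrets.randbits(64) for _ in range(words)]


def salted_fnv1(data, r, index="position"):
    """Return (hash, salt indices used) for FNV-1 with one salt word per byte.

    index="position": r[i % len(r)], the form asked about in the reply.
    index="state":    r[x % len(r)], assuming x is the running hash value.
    The xor with r comes after the byte is mixed in, so the last byte is
    covered as well.
    """
    if index not in ("position", "state"):
        raise ValueError("index must be 'position' or 'state'")
    if not r:
        raise ValueError("salt table must not be empty")
    x = FNV64_OFFSET
    used = []
    for i, byte in enumerate(data):
        x = (x * FNV64_PRIME) & MASK64   # FNV-1: multiply first ...
        x ^= byte                        # ... then xor the input byte
        k = (i if index == "position" else x) % len(r)
        x ^= r[k]                        # salt word for this step
        used.append(k)
    return x, used


if __name__ == "__main__":
    r = new_salt()
    for key in (b"spam", b"eggs"):
        for mode in ("position", "state"):
            h, used = salted_fnv1(key, r, mode)
            print(f"{key!r:8} {mode:8} {h:016x} salt indices {used}")
```

In position mode the sequence of salt words depends only on the input length; in state mode it depends on the input bytes.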