[Python-Dev] Hash collision security issue (now public) (original) (raw)
Serhiy Storchaka storchaka at gmail.com
Thu Jan 5 23:15:31 CET 2012
- Previous message: [Python-Dev] Hash collision security issue (now public)
- Next message: [Python-Dev] Hash collision security issue (now public)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
05.01.12 21:14, Glenn Linderman написав(ла):
So, fixing the vulnerable packages could be a sufficient response, rather than changing the hash function. How to fix? Each of those above allocates and returns a dict. Simply have each of those allocate and return and wrapped dict, which has the following behaviors:
i) during init, create a local, random, string. ii) for all key values, prepend the string, before passing it to the internal dict.
Good idea. -------------- next part -------------- A non-text attachment was scrubbed... Name: SafeDict.py Type: text/x-python Size: 1923 bytes Desc: not available URL: <http://mail.python.org/pipermail/python-dev/attachments/20120106/99fba4a2/attachment.py>
- Previous message: [Python-Dev] Hash collision security issue (now public)
- Next message: [Python-Dev] Hash collision security issue (now public)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]