[Python-Dev] Status of the fix for the hash collision vulnerability (original) (raw)

Guido van Rossum guido at python.org
Fri Jan 13 18:43:00 CET 2012

• Previous message: [Python-Dev] Status of the fix for the hash collision vulnerability
• Next message: [Python-Dev] Status of the fix for the hash collision vulnerability
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Jan 13, 2012 at 9:08 AM, Mark Dickinson <dickinsm at gmail.com> wrote:

On Fri, Jan 13, 2012 at 2:57 AM, Guido van Rossum <guido at python.org> wrote: > How > pathological the data needs to be before the collision counter triggers? I'd > expect very pathological.

How pathological do you consider the set {1 << n for n in range(2000)}_ _to be? What about the set:_ _ieee754powersoftwo = {2.0**n for n in range(-1074, 1024)}_ _? The > 2000 elements of the latter set have only 61 distinct hash values on 64-bit machine, so there will be over 2000 total collisions involved in creating this set (though admittedly only around 30 collisions per hash value).

Hm... So how does the collision counting work for this case?

-- --Guido van Rossum (python.org/~guido) -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.python.org/pipermail/python-dev/attachments/20120113/02979c5c/attachment.html>

• Previous message: [Python-Dev] Status of the fix for the hash collision vulnerability
• Next message: [Python-Dev] Status of the fix for the hash collision vulnerability
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Python-Dev mailing list