[Python-Dev] Status of the fix for the hash collision vulnerability
Nick Coghlan ncoghlan at gmail.com
Sat Jan 14 08:01:48 CET 2012
On Sat, Jan 14, 2012 at 4:24 PM, Jack Diederich <jackdied at gmail.com> wrote:
> This is depending on how the counting is done (I didn't look at MAL's patch), and assuming that increasing the hash table size will generally reduce collisions if items collide but their hashes are different.
>
> The patch counts conflicts on an individual insert and not lifetime conflicts. Looks sane to me.
Having a hard limit on the worst-case behaviour certainly sounds like an attractive prospect. And there's nothing to worry about in terms of secrecy or sufficient randomness - by default, attackers cannot generate more than 1000 hash collisions in one lookup, period.
>> That said, even with collision counting I'd like a way to disable it without changing the code, e.g. a flag or environment variable.
>
> Agreed. Paranoid people can turn the behavior off and if it ever were to become a problem in practice we could point people to a solution.
Does MAL's patch allow the limit to be set on a per-dict basis (including setting it to None to disable collision limiting completely)? If people have data sets that need to tolerate that kind of collision level (and haven't already decided to move to a data structure other than the builtin dict), then it may make sense to allow them to remove the limit when using trusted input.
For maintenance versions though, it would definitely need to be possible to switch it off without touching the code.
Cheers, Nick.
-- Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia
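As an added illustration, not MAL's patch and not code from this thread, here is a simplified pure-Python model of the collision-counting idea under discussion: an open-addressing table that counts the occupied slots probed during one insert and raises once a limit is exceeded. The limit is settable per table (None disables it) or through a hypothetical environment variable, which is the kind of switch the message asks for; the adversarial key class and the variable name are constructed for the example.

```python
import os

class CollisionLimitExceeded(RuntimeError):
    """Raised when a single insert probes more occupied slots than the limit allows."""

def default_limit():
    # Hypothetical knob (variable name is invented): "none" disables the limit,
    # any integer overrides it, unset keeps the 1000 figure from the thread.
    raw = os.environ.get("PYHASHCOLLISIONLIMIT")
    if raw is None:
        return 1000
    return None if raw.lower() == "none" else int(raw)

class CountingDict:
    """Open-addressing table that counts collisions per insert (simplified model)."""
    def __init__(self, limit=-1):            # -1: use default_limit(); None: unlimited
        self.limit = default_limit() if limit == -1 else limit
        self.size, self.used = 8, 0
        self.slots = [None] * self.size      # entries are (hash, key, value)

    def _probe(self, key, h):
        # Same probe shape as CPython's dict: i = 5*i + 1 + perturb, perturb >>= 5.
        mask, i, perturb, collisions = self.size - 1, h & (self.size - 1), h & (2**64 - 1), 0
        while True:
            slot = self.slots[i]
            if slot is None or (slot[0] == h and slot[1] == key):
                return i
            collisions += 1                  # slot holds a different key: a collision
            if self.limit is not None and collisions > self.limit:
                raise CollisionLimitExceeded(f"{collisions} collisions inserting {key!r}")
            i = (5 * i + 1 + perturb) & mask
            perturb >>= 5

    def __setitem__(self, key, value):
        h = hash(key)
        i = self._probe(key, h)
        if self.slots[i] is None:
            self.used += 1
        self.slots[i] = (h, key, value)
        if self.used * 3 >= self.size * 2:   # keep the load factor below 2/3 by growing
            old, self.size, self.used = [s for s in self.slots if s], self.size * 4, 0
            self.slots = [None] * self.size
            for _, k, v in old:
                self[k] = v

    def __getitem__(self, key):
        slot = self.slots[self._probe(key, hash(key))]
        if slot is None:
            raise KeyError(key)
        return slot[2]

    def __len__(self):
        return self.used

class Colliding:
    """Constructed adversarial key: every instance hashes to 0, so all share one probe chain."""
    def __init__(self, n): self.n = n
    def __hash__(self): return 0
    def __eq__(self, other): return isinstance(other, Colliding) and self.n == other.n

def triggers_limit(n, limit):
    """True if inserting n distinct keys with identical hash trips the per-insert limit."""
    d = CountingDict(limit)
    try:
        for k in range(n):
            d[Colliding(k)] = k
    except CollisionLimitExceeded:
        return True
    return False
```

With a limit of L, the (L+1)th identical-hash key still fits (it sees exactly L collisions) and the (L+2)th raises, while ordinary keys with spread-out hashes never come near the limit.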