[Python-Dev] Status of the fix for the hash collision vulnerability (original) (raw)
"Martin v. Löwis" martin at v.loewis.de
Sat Jan 14 16:17:59 CET 2012
- Previous message: [Python-Dev] Status of the fix for the hash collision vulnerability
- Next message: [Python-Dev] Status of the fix for the hash collision vulnerability
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Am 14.01.2012 01:37, schrieb Benjamin Peterson:
2012/1/13 Guido van Rossum <guido at python.org>:
Really? Even though you came up with specifically to prove me wrong? Coming up with a counterexample now invalidates it?
There are two concerns here:
- is it possible to come up with an example of constructed values that show many collisions in a way that poses a threat? To this, the answer is apparently "yes", and the proposed reaction is to hard-limit the number of collisions accepted by the implementation.
- then, assuming such a limitation is in place: is it possible to come up with a realistic application that would break under this limitation. Mark's example is no such realistic application, instead, it is yet another example demonstrating collisions using constructed values (although the specific example would continue to work fine even under the limitation).
A valid counterexample would have to come from a real application, or at least from a scenario that is plausible for a real application.
Regards, Martin
- Previous message: [Python-Dev] Status of the fix for the hash collision vulnerability
- Next message: [Python-Dev] Status of the fix for the hash collision vulnerability
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]