[Python-Dev] Counting collisions for the win

Case Van Horsen casevh at gmail.com
Fri Jan 20 20:06:46 CET 2012


On Fri, Jan 20, 2012 at 8:17 AM, Victor Stinner <victor.stinner at haypocalc.com> wrote:

> So I still think we should ditch the paranoia about dictionary order changing, and fix this without counting.
>
> The randomized hash has other issues:
>
>  - its security is based on its secret, whereas it looks to be easy to compute it (see more details in the issue)
>  - my patch only changes hash(str), whereas other developers asked me to patch also bytes, int and other types

Changing hash(int) on a bugfix release will cause issues with extensions (gmpy, sage, probably others) that calculate the hash of numerical objects.

> hash(bytes) can be changed. But changing hash(int) may easily leak the secret. We may use a different secret for each type, but if it is easy to compute the int hash secret, dictionaries using int are still vulnerable.
>
> --
>
> There are no perfect solutions; the drawbacks of each solution should be compared.
>
> Victor


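The compatibility constraint raised in the reply above, as an added example that is not part of the original message or of any patch discussed in the thread: an extension integer type has to recompute the interpreter's hash(int) on its own so that equal numbers hash equally. `ExtInt`, `ext_hash` and `salted_int_hash` are hypothetical names; the hashing rule is the one documented for current CPython 3, and the XOR salting is only an assumed model of a secret-dependent hash(int).

```python
import sys

M = sys.hash_info.modulus  # prime modulus CPython uses for numeric hashes


def ext_hash(n):
    """Recompute hash(int) from the documented rule, as an extension must."""
    h = abs(n) % M
    if n < 0:
        h = -h
    return -2 if h == -1 else h  # -1 is reserved as an error value


class ExtInt:
    """Hypothetical stand-in for an extension integer type."""

    def __init__(self, value):
        self.value = value

    def __eq__(self, other):
        if isinstance(other, ExtInt):
            return self.value == other.value
        if isinstance(other, int):
            return self.value == other
        return NotImplemented

    def __hash__(self):
        return ext_hash(self.value)


def find_in_int_dict(n):
    """Look up an ExtInt in a dict keyed by the equal built-in int."""
    return {n: "found"}.get(ExtInt(n))


def hashes_agree(int_hash, keys):
    """True if int_hash (a model of the interpreter) matches ExtInt on all keys."""
    return all(int_hash(k) == hash(ExtInt(k)) for k in keys)


def salted_int_hash(n, secret=0x5EED):  # constructed secret, illustration only
    """Assumed model of a release that mixes a secret into hash(int)."""
    return ext_hash(n ^ secret)


KEYS = [0, 1, -1, 5, M, -M, 2**100, -(2**100)]  # constructed sample keys
```

With the interpreter's real `hash`, `hashes_agree(hash, KEYS)` holds and mixed int/ExtInt dictionary lookups succeed; under the salted model the extension's hashes no longer match until the extension is rebuilt against the new rule.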


