[Python-Dev] [issue13703] Hash collision security issue (original) (raw)

Glenn Linderman v+python at g.nevcal.com
Fri Jan 27 07:47:57 CET 2012

• Previous message: [Python-Dev] PEP for allowing 'raise NewException from None'
• Next message: [Python-Dev] [issue13703] Hash collision security issue
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 1/26/2012 10:25 PM, Gregory P. Smith wrote:

(and on top of all of this I believe we're all settled on having per interpreter hash randomizationas well in 3.3; but this AVL tree approach is one nice option for a backport to fix the major vulnerability)

If the tree code cures the problem, then randomization just makes debugging harder. I think if it is included in 3.3, it needs to have a switch to turn it on/off (whichever is not default).

I'm curious why AVL tree rather than RB tree, simpler implementation? C++ stdlib includes RB tree, though, for even simpler implementation :)

Can we have a tree type in 3.3, independent of dict? -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.python.org/pipermail/python-dev/attachments/20120126/62d7a7e2/attachment.html>

• Previous message: [Python-Dev] PEP for allowing 'raise NewException from None'
• Next message: [Python-Dev] [issue13703] Hash collision security issue
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Python-Dev mailing list