Hash auto-randomization is a mechanism to detect when a collision attack is underway and switch to a randomized keying scheme at that point. This patch is for the 2.7 branch, where hash randomization is not on by default. Using collided strings from https://github.com/Storyyeller/fnv-collider/tree/master/collided_strings, 10 "attacks" of roughly 50,000 collided strings were launched against this. The unmodified Python had a median insert time of roughly 4.32 seconds and a median retrieve time of roughly 4.40 seconds. With the auto-randomized version of Python, the median insert time was roughly 3.99 seconds and median retrieve time was roughly 3.57 seconds. This is a 7.7% and 18.9% savings, respectively.
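The mechanism in the post above, as an added toy illustration (this is not the patch's code and not CPython's dict implementation): a chained hash table starts with a deterministic hash, watches the chain length on every insert, and once a chain grows past a threshold it picks a fresh secret and rehashes everything under a keyed hash. The weak byte-sum hash, the chain-length threshold, and HMAC-SHA256 under an `os.urandom()` secret as the "randomized" scheme are all assumptions made for the example; the colliding keys are constructed permutations of one string, which all share a byte sum.

```python
import hashlib
import hmac
import itertools
import os


class AutoRandomizingTable:
    """Chained hash table that starts with a deterministic hash and switches
    to a secret-keyed hash once any bucket chain grows past `threshold`.

    Constructed example: the deterministic hash is a deliberately weak byte
    sum, and the keyed hash is HMAC-SHA256 under a fresh os.urandom() secret.
    Neither is what CPython 2.7 uses; they stand in for "plain hash" and
    "randomized hash" so the switch-over logic can be seen in isolation.
    """

    def __init__(self, nbuckets=64, threshold=16):
        self.nbuckets = nbuckets
        self.threshold = threshold
        self.randomized = False
        self.secret = None
        self.buckets = [[] for _ in range(nbuckets)]

    def _hash(self, key):
        data = key.encode("utf-8")
        if self.randomized:
            digest = hmac.new(self.secret, data, hashlib.sha256).digest()
            return int.from_bytes(digest[:8], "little")
        return sum(data)  # weak, fully predictable hash (assumption)

    def _bucket(self, key):
        return self.buckets[self._hash(key) % self.nbuckets]

    def _switch_to_randomized(self):
        # A chain exceeded the threshold: choose a secret and rehash all items.
        self.randomized = True
        self.secret = os.urandom(16)
        items = [kv for chain in self.buckets for kv in chain]
        self.buckets = [[] for _ in range(self.nbuckets)]
        for k, v in items:
            self._bucket(k).append((k, v))

    def insert(self, key, value):
        chain = self._bucket(key)
        for i, (k, _) in enumerate(chain):
            if k == key:
                chain[i] = (key, value)
                return
        chain.append((key, value))
        # Detection step: a long chain under the deterministic hash is the
        # signal that keys are colliding far more than chance would produce.
        if not self.randomized and len(chain) > self.threshold:
            self._switch_to_randomized()

    def get(self, key, default=None):
        for k, v in self._bucket(key):
            if k == key:
                return v
        return default

    def longest_chain(self):
        return max(len(chain) for chain in self.buckets)


def colliding_keys():
    """Constructed input: every permutation of the same six letters has the
    same byte sum, so all 720 keys land in one bucket under the weak hash."""
    return ["".join(p) for p in itertools.permutations("abcdef")]


def run_demo(nbuckets=64, threshold=16):
    """Insert the colliding keys and report whether randomization kicked in,
    how long the longest chain is afterwards, and whether lookups still work."""
    table = AutoRandomizingTable(nbuckets, threshold)
    keys = colliding_keys()
    for k in keys:
        table.insert(k, len(k))
    return {
        "keys": len(keys),
        "randomized": table.randomized,
        "longest_chain": table.longest_chain(),
        "lookups_ok": all(table.get(k) == 6 for k in keys),
    }


if __name__ == "__main__":
    print(run_demo())
```

Under the weak hash the first 17 colliding inserts pile into one chain; the 17th trips the threshold, the table rehashes under the secret, and the remaining keys spread across buckets. The per-insert cost is the chain-length comparison, which is the overhead the second comment below is weighing against simply enabling randomization up front.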
Raymond, dicts are your area of expertise. I'm -0 on the patch. The check is going to slow down dicts and it's really easy to enable randomization with an env var or command line argument.
It was decided to leave the hash randomization disabled by default for backward compatibility. It's a deliberate choice. I don't think that we need to go further for Python 2.7. I never considered this denial of service attack as major, there are many other ways to trigger a DoS, and fixing the dict type is not the right way to prevent this class of attacks. HTTP clients and frameworks like http.client and Django implemented other countermeasures like limiting the number of HTTP headers. The problem was correctly fixed in Python 3: randomization enabled by default since Python 3.3, and Python 3.4 now uses SipHash which better hides the hash secret. More info at:
* http://python-security.readthedocs.io/vuln/cve-2012-1150_hash_dos.html
* http://python-security.readthedocs.io/vuln/cve-2013-7040_hash_not_properly_randomized.html