[Python-Dev] Hash collision security issue (now public) (original) (raw)
Christian Heimes lists at cheimes.de
Sat Dec 31 04:28:18 CET 2011
- Previous message: [Python-Dev] Hash collision security issue (now public)
- Next message: [Python-Dev] Hash collision security issue (now public)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Am 31.12.2011 03:19, schrieb Steven D'Aprano:
How about using a similar strategy to the current dict behaviour with missing and defaultdict? Here's my suggestion:
- If a dict subclass defines salt, then it is called to salt the hash value before lookups. If salt is undefined or None, the current behaviour remains unchanged.
This was my initial proposal, too. It took me a while to figure out that it won't work. Post-salting won't fix the issue. The random seed must be used as IV inside hashing algorithm. My brain was still in holiday mode and it took me a while to figure out the math. Sorry for any confusion!
Christian
- Previous message: [Python-Dev] Hash collision security issue (now public)
- Next message: [Python-Dev] Hash collision security issue (now public)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]