[Python-Dev] hash randomization in 3.3 (original) (raw)
Brett Cannon brett at python.org
Tue Feb 21 21:24:59 CET 2012
- Previous message: [Python-Dev] hash randomization in 3.3
- Next message: [Python-Dev] hash randomization in 3.3
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Tue, Feb 21, 2012 at 15:05, Barry Warsaw <barry at python.org> wrote:
On Feb 21, 2012, at 02:58 PM, Benjamin Peterson wrote:
>2012/2/21 Antoine Pitrou <solipsis at pitrou.net>: >> >> Hello, >> >> Shouldn't it be enabled by default in 3.3? Yes. >Should you be able to disable it? No, but you should be able to provide a seed.
I think that's inviting trouble if you can provide the seed. It leads to a false sense of security in that providing some seed secures them instead of just making it a tad harder for the attack. And it won't help with keeping compatibility with Python 2.7 installations that don't have randomization turned on by default. If we are going to allow people to turn this off then it should be basically the inverse of the default under Python 2.7 and no more. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.python.org/pipermail/python-dev/attachments/20120221/d6253bcc/attachment.html>
- Previous message: [Python-Dev] hash randomization in 3.3
- Next message: [Python-Dev] hash randomization in 3.3
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]