[Python-Dev] hash randomization in 3.3 (original) (raw)
Xavier Morel python-dev at masklinn.net
Tue Feb 21 21:58:18 CET 2012
- Previous message: [Python-Dev] hash randomization in 3.3
- Next message: [Python-Dev] hash randomization in 3.3
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 2012-02-21, at 21:24 , Brett Cannon wrote:
On Tue, Feb 21, 2012 at 15:05, Barry Warsaw <barry at python.org> wrote:
On Feb 21, 2012, at 02:58 PM, Benjamin Peterson wrote:
2012/2/21 Antoine Pitrou <solipsis at pitrou.net>:
Hello, Shouldn't it be enabled by default in 3.3? Yes. Should you be able to disable it? No, but you should be able to provide a seed. I think that's inviting trouble if you can provide the seed. It leads to a false sense of security in that providing some seed secures them instead of just making it a tad harder for the attack.
I might have misunderstood something, but wouldn't providing a seed always make it easier for the attacker, compared to a randomized hash?
- Previous message: [Python-Dev] hash randomization in 3.3
- Next message: [Python-Dev] hash randomization in 3.3
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]