[Python-Dev] hash randomization in 3.3 (original) (raw)
Antoine Pitrou solipsis at pitrou.net
Wed Feb 22 19:26:11 CET 2012
- Previous message: [Python-Dev] hash randomization in 3.3
- Next message: [Python-Dev] hash randomization in 3.3
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Wed, 22 Feb 2012 12:59:33 -0500 Barry Warsaw <barry at python.org> wrote:
On Feb 22, 2012, at 09:04 PM, Stephen J. Turnbull wrote:
>Brett Cannon writes: > > > I think that's inviting trouble if you can provide the seed. It leads to a > > false sense of security > >I thought the point of providing the seed was for reproducability of >tests and the like? > >As for "false sense", can't we document this and chalk up hubristic >behavior to "consenting adults"? +1
How is it a "false sense of security" at all? It's the same as setting a private secret for e.g. session cookies in Web applications. As long as you don't leak the seed, it's (should be) secure.
(the only hypothetical issue being with Victor's choice of an LCG pseudo-random generator to generate the secret from the seed)
Regards
Antoine.
- Previous message: [Python-Dev] hash randomization in 3.3
- Next message: [Python-Dev] hash randomization in 3.3
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]