[Python-Dev] Status of the fix for the hash collision ulnerability (original) (raw)

Heiko Wundram modelnine at modelnine.org
Sun Jan 15 19:40:49 CET 2012

• Previous message: [Python-Dev] Status of the fix for the hash collision ulnerability
• Next message: [Python-Dev] Status of the fix for the hash collision vulnerability
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Am 15.01.2012 15:27, schrieb Victor Stinner:

I don't think that it would be hard to patch this library to use another hash function. It can implement its own hash function, use MD5, SHA1, or anything else. hash() is not stable accross Python versions and 32/64 bit systems.

As I wrote in a reply further down: no, it isn't hard to change this behaviour (and I find the current caching system, which uses hash() on an URL to choose the cache index, braindead to begin with), but, as with all other considerations: the current version of the library, with the default options, depends on hash() to be stable for the cache to make any sense at all (and especially with "generic" schema such as the referenced xml.dtd, caching makes a lot of sense, and not being able to cache breaks applications as it did mine). This is juts something to bear in mind.

-- --- Heiko.

• Previous message: [Python-Dev] Status of the fix for the hash collision ulnerability
• Next message: [Python-Dev] Status of the fix for the hash collision vulnerability
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Python-Dev mailing list