[Python-Dev] Counting collisions for the win

Ivan Kozik ivan at ludios.org
Fri Jan 20 05:06:25 CET 2012


On Fri, Jan 20, 2012 at 03:48, Guido van Rossum <guido at python.org> wrote:

> I think that's because your collision-counting algorithm was much more primitive than MAL's.

Conceded.

>> This, combined with the second problem (needing to catch an exception), led me to abandon this approach and write Securetypes, which has a securedict that uses SHA-1. Not that I like this either; I think I'm happy with the randomize-hash() approach.
>
> Why did you need to catch the exception? Were you not happy with the program simply terminating with a traceback when it got attacked?

No, I wasn't happy with termination. I wanted to treat it just like a JSON decoding error, and send the appropriate response.

I actually forgot to mention the main reason I abandoned the stop-at-N-collisions approach. I had a server with a dict that stayed in memory, across many requests. It was being populated with identifiers chosen by clients. I couldn't have my server stay broken if this dict filled up with a bunch of colliding keys. (I don't think I could have done another thing either, like nuke the dict or evict some keys.)

Ivan


