[Python-Dev] Counting collisions for the win (original) (raw)
Victor Stinner victor.stinner at haypocalc.com
Fri Jan 20 17:17:24 CET 2012
- Previous message: [Python-Dev] Counting collisions for the win
- Next message: [Python-Dev] Counting collisions for the win
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
So I still think we should ditch the paranoia about dictionary order changing, and fix this without counting.
The randomized hash has other issues:
- its security is based on its secret, whereas it looks to be easy to compute it (see more details in the issue)
- my patch only changes hash(str), whereas other developers asked me to patch also bytes, int and other types
hash(bytes) can be changed. But changing hash(int) may leak easily the secret. We may use a different secret for each type, but if it is easy to compute int hash secret, dictionaries using int are still vulnerable.
--
There is no perfect solutions, drawbacks of each solution should be compared.
Victor
- Previous message: [Python-Dev] Counting collisions for the win
- Next message: [Python-Dev] Counting collisions for the win
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]