[Python-Dev] [issue13703] Hash collision security issue (original) (raw)
martin at v.loewis.de martin at v.loewis.de
Sat Jan 28 01:53:40 CET 2012
- Previous message: [Python-Dev] [issue13703] Hash collision security issue
- Next message: [Python-Dev] [issue13703] Hash collision security issue
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
How so? None of the patches did, but I think it was said several times that other types (int, tuple, float) could also be converted to use randomized hashes. What's more, there isn't any technical difficulty in doing so.
The challenge again is about incompatibility: the more types you apply this to, the higher the risk of breaking third-party code.
Plus you still risk that the hash seed might leak out of the application, opening it up again to the original attack.
- Previous message: [Python-Dev] [issue13703] Hash collision security issue
- Next message: [Python-Dev] [issue13703] Hash collision security issue
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]