[Python-Dev] Make str/bytes hash algorithm pluggable? (original) (raw)
Guido van Rossum guido at python.org
Thu Oct 3 21:45:10 CEST 2013
- Previous message: [Python-Dev] Make str/bytes hash algorithm pluggable?
- Next message: [Python-Dev] Make str/bytes hash algorithm pluggable?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Thu, Oct 3, 2013 at 12:23 PM, Christian Heimes <christian at python.org>wrote:
Am 03.10.2013 21:05, schrieb Guido van Rossum: > Hm. I would like to stick to the philosophy that Python's hash > should be as fast as it possibly can be, and should not be mistaken > for a cryptographic hash. The point is to optimize dict lookups, > nothing more, given typical (or even atypical) key distribution, > not to thwart deliberate attacks. We already have adopted a feature > that plugged most viable attacks on web apps, I think that's > enough. I also agree with Antoine's response.
Python's hash is neither as fast nor as secure as it can possibly be.
But fixing that shouldn't need all the extra stuff you're proposing.
It's not as fast because it doesn't use the full power of modern CPUs.
In most cases the code processes only 1 or 2 bytes per cycle instead of 8 bytes on 64-bit architectures. Jean-Philippe Aumasson and Daniel J. Bernstein (who are coincidentally the authors of SipHash) have shown how to recover Python randomization keys.
What's a Python randomization key?
SipHash: more secure and about same speed on most systems
Same speed as what?
optimized FNV: faster but with a known issue
What issue?
-- --Guido van Rossum (python.org/~guido) -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.python.org/pipermail/python-dev/attachments/20131003/d589ccce/attachment.html>
- Previous message: [Python-Dev] Make str/bytes hash algorithm pluggable?
- Next message: [Python-Dev] Make str/bytes hash algorithm pluggable?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]