[Python-Dev] Make str/bytes hash algorithm pluggable? (original) (raw)
Christian Heimes christian at python.org
Thu Oct 3 21:55:20 CEST 2013
- Previous message: [Python-Dev] Make str/bytes hash algorithm pluggable?
- Next message: [Python-Dev] Make str/bytes hash algorithm pluggable?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Am 03.10.2013 21:45, schrieb Guido van Rossum:
But fixing that shouldn't need all the extra stuff you're proposing.
I have proposed some of the extra stuff for more flexibility, the rest is for testing and debugging.
What's a Python randomization key?
Python's hash randomization key, the seed to randomize the output of hash() for bytes and str.
SipHash: more secure and about same speed on most systems
Same speed as what?
Same speed as the current algorithm in Python 3.3 and earlier.
optimized FNV: faster but with a known issue
What issue?
Quote from https://131002.net/siphash/#at
Jointly with Martin Boßlet, we demonstrated weaknesses in MurmurHash (used in Ruby, Java, etc.), CityHash (used in Google), and in Python's hash. Some of the technologies affected have switched to SipHash. See this oCERT advisory, and the following resources:
[...]
- Python script https://131002.net/siphash/poc.py to recover the secret seed of the hash randomization in Python 2.7.3 and 3.2.3
It's all documented in my PEP draft, too.
Christian
- Previous message: [Python-Dev] Make str/bytes hash algorithm pluggable?
- Next message: [Python-Dev] Make str/bytes hash algorithm pluggable?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]