[Python-Dev] Make str/bytes hash algorithm pluggable? (original) (raw)
Antoine Pitrou solipsis at pitrou.net
Fri Oct 4 17:57:11 CEST 2013
- Previous message: [Python-Dev] Make str/bytes hash algorithm pluggable?
- Next message: [Python-Dev] Make str/bytes hash algorithm pluggable?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Le Fri, 04 Oct 2013 17:13:32 +0200, martin at v.loewis.de a écrit :
Whether this is a serious threat or not depends on what other threats the system being attacked is vulnerable to. Maybe there is something even simpler, or maybe the hash attack is the only hope of bringing the system to its knees. IMO, the hash attack is particularly tricky since it is very easy to argue and very difficult to demonstrate.
If you know how to generate colliding hashes, it's actually relatively easy to demonstrate, assuming you know how a particular Web application processes its incoming requests (which you do if it's a standard Web application such as hgweb).
Regards
Antoine.
- Previous message: [Python-Dev] Make str/bytes hash algorithm pluggable?
- Next message: [Python-Dev] Make str/bytes hash algorithm pluggable?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]