[issue13703] Hash collision security issue
Terry J. Reedy
report at bugs.python.org
Wed Jan 4 01:55:05 CET 2012
Terry J. Reedy <tjreedy at udel.edu> added the comment:
In #13707 I suggest a change to the current hash() entry which is needed independently of this issue, because the default hash (for object()), being tied to id() is already limited to an object's lifetime. But this change will become more imperative if hash() is made run-dependent for numbers and strings.
There does not seems to presently *be* a security hole for 64 bit builds, so if there is any noticeable slowdown on 64 bit builds and it is sensibly easy to tie the default to the bitness, I would think it should be off for such builds.
Python tracker <report at bugs.python.org>
More information about the Python-bugs-list