[issue13703] Hash collision security issue
report at bugs.python.org
Wed Jan 25 13:45:34 CET 2012
Dave Malcolm <dmalcolm at redhat.com> added the comment:
I've found a bug in my patch; insertdict writes the old non-randomized
hash value into me_hash at:
ep->me_hash = hash;
rather than using the randomized hash, leading to issues when tested
against a real attack.
I'm looking into fixing it.
Python tracker <report at bugs.python.org>
More information about the Python-bugs-list