[issue13703] Hash collision security issue
Alex Gaynor
report at bugs.python.org
Wed Jan 25 13:47:38 CET 2012
Alex Gaynor <alex.gaynor at gmail.com> added the comment:
On Wed, Jan 25, 2012 at 7:45 AM, Dave Malcolm <report at bugs.python.org>wrote:
>
> Dave Malcolm <dmalcolm at redhat.com> added the comment:
>
> I've found a bug in my patch; insertdict writes the old non-randomized
> hash value into me_hash at:
> ep->me_hash = hash;
> rather than using the randomized hash, leading to issues when tested
> against a real attack.
>
> I'm looking into fixing it.
>
> ----------
>
> _______________________________________
> Python tracker <report at bugs.python.org>
> <http://bugs.python.org/issue13703>
> _______________________________________
>
What happens if I have a dict with str keys that goes into paranoid mode,
and I then do:
class A(object):
def __init__(self, s):
self.s = s
def __eq__(self, other):
return self.s == other
def __hash__(self):
return hash(self.s)
d[A("some str that's a key in d")]
Is it still able to find the value?
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue13703>
_______________________________________
More information about the Python-bugs-list
mailing list