<div class="gmail_quote">On Thu, Dec 29, 2011 at 8:32 AM, Christian Heimes <span dir="ltr"><<a href="mailto:lists@cheimes.de">lists@cheimes.de</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div><div class="h5">IMHO we don't have to alter the outcome of hash("some string"), hash(1)</div></div>
and all other related types. We just need to reduce the change the an<br>
attacker can produce collisions in the dict (and set?) code that looks<br>
up the slot (PyDictEntry). How about adding the random value in<br>
Object/dictobject.c:lookdict() and lookdict_str() (Python 2.x) /<br>
lookdict_unicode() (Python 3.x)? With this approach the hash of all our<br>
objects stay the same and just the dict code needs to be altered.</blockquote><div><br></div><div>I don't understand how that helps a collision attack. If you can still generate two strings with the same (pre-randomized) hash, what difference does it make that the dict adds a random number? The post-randomized number will still be the same, no?</div>
<div><br></div><div>Or does this attack just rely on the hash *remainders* being the same? If so, I can see how hashing the hash would help. But since the attacker doesn't know the modulus, and it can change as the dictionary grows, I would expect the attack to require matching hashes, not just matching hash remainders... unless I'm just completely off base here.</div>
<div><br></div></div>