Jan. 20, 2012
10:35 p.m.
Am 20.01.2012 16:33, schrieb Guido van Rossum:
(I'm thinking that the original attack is trivial once the set of 65000 colliding keys is public knowledge, which must be only a matter of time.
I think it's very likely that this will happen soon. For ASP and PHP there is attack-payload publicly available. PHP and ASP have patches to limit the number of query-variables. We're very lucky that there's no public payload for python yet, and all non-public software and payload I'm aware of is based upon my software. But this can change any moment. It's not really difficult to write software to create 32bit-collisions. Frank