[issue13703] Hash collision security issue
Marc-Andre Lemburg
report at bugs.python.org
Mon Feb 6 21:24:15 CET 2012
Marc-Andre Lemburg <mal at egenix.com> added the comment:
Antoine Pitrou wrote:
>
> Antoine Pitrou <pitrou at free.fr> added the comment:
>
>>> Right, but that doesn't contradict what I wrote about adding
>>> env vars to fix a seed and optionally enable using a random
>>> seed, or adding collision counting as extra protection for
>>> cases that are not addressed by the hash seeding, such as
>>> e.g. collisions caused by 3rd types or numbers.
>>
>> ... at least I hope not :-)
>
> I think the env var part is a good idea (except that -1 as a magic value
> to enable randomization isn't great).
Agreed. Since it's an env var, using "random" would be a better choice.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue13703>
_______________________________________
More information about the Python-bugs-list
mailing list