[issue13703] Hash collision security issue
STINNER Victor
report at bugs.python.org
Wed Jan 4 01:22:37 CET 2012
STINNER Victor <victor.stinner at haypocalc.com> added the comment:
Christian Heimes proposes the following change in its randomhash branch (see issue #13704):
- x = (Py_uhash_t) *p << 7;
+ x = Py_RndHashSeed + ((Py_uhash_t) *p << 7);
for (i = 0; i < len; i++)
x = (1000003U * x) ^ (Py_uhash_t) *p++;
x ^= (Py_uhash_t) len;
This change doesn't add any security if the attacker can inject any string and retreive the hash value. You can retreive directly Py_RndHashSeed using:
Py_RndHashSeed = intmask((hash("a") ^ len("a") ^ ord("a")) * DIVIDE) - (ord("a") << 7)
where intmask() truncates to a long (x mod 2^(long bits)) and DIVIDE = 1/1000003 mod 2^(long bits). For example, DIVIDE=2021759595 for 32 bits long.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue13703>
_______________________________________
More information about the Python-bugs-list
mailing list