[issue13703] Hash collision security issue
STINNER Victor
report at bugs.python.org
Thu Jan 5 00:42:52 CET 2012
STINNER Victor <victor.stinner at haypocalc.com> added the comment:
Work-in-progress patch implementing my randomized hash function (random.patch):
- add PyOS_URandom() using CryptoGen, SSL (only on VMS!!) or /dev/urandom, will a fallback on a dummy LCG if the OS urandom failed
- posix.urandom() is always defined and reuses PyOS_URandom()
- hash(str) is now randomized using two random Py_hash_t values: don't touch the critical loop, only add a prefix and a suffix
Notes:
- PyOS_URandom() reuses mostly code from Modules/posixmodule.c, except dev_urandom() and fallback_urandom() which are new
- I removed memset(PyBytes_AS_STRING(result), 0, howMany); from win32_urandom() because it doesn't really change anything because the LCG is used if win32_urandom() fails
- Python refuses to start if the OS urandom is missing.
- Python/random.c code may be moved into Python/pythonrun.c if it is an issue to add a new file in old Python versions.
- If the OS urandom fails to generate the unicode hash secret, no warning is emitted (because the LCG is used). I don't know if a warning is needed in this case.
- os.urandom() argument is now a Py_ssize_t instead of an int
TODO:
- add an environment option to ignore the OS urandom and only uses the LCG
- fix all tests broken because of the randomized hash(str)
- PyOS_URandom() raises exceptions whereas it is called before creating the interpreter state. I suppose that it cannot work like this.
- review and test PyOS_URandom()
- review and test the new randomized hash(str)
----------
keywords: +patch
Added file: http://bugs.python.org/file24142/random.patch
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue13703>
_______________________________________
More information about the Python-bugs-list
mailing list