[issue13703] Hash collision security issue
report at bugs.python.org
Thu Jan 5 01:58:39 CET 2012
Christian Heimes <lists at cheimes.de> added the comment:
> I suggest that we don't randomize strings shorter than 6 characters. For longer strings, we randomize the first and last 5 characters. This means we're only adding additional work to a max of 10 rounds of the hash, and only for longer strings. Collisions with the hash from short strings should be minimal.
It's too surprising for developers when just the strings with 6 or more chars are randomized. Barry made a good point http://bugs.python.org/issue13703#msg150613
Python tracker <report at bugs.python.org>
More information about the Python-bugs-list