[issue13703] Hash collision security issue

Christian Heimes report at bugs.python.org
Thu Jan 5 01:58:39 CET 2012

Christian Heimes <lists at cheimes.de> added the comment:

Paul wrote:
> I suggest that we don't randomize strings shorter than 6 characters. For longer strings, we randomize the first and last 5 characters. This means we're only adding additional work to a max of 10 rounds of the hash, and only for longer strings. Collisions with the hash from short strings should be minimal.

It's too surprising for developers when just the strings with 6 or more chars are randomized. Barry made a good point http://bugs.python.org/issue13703#msg150613


Python tracker <report at bugs.python.org>

More information about the Python-bugs-list mailing list