[issue13703] Hash collision security issue
STINNER Victor
report at bugs.python.org
Thu Jan 5 02:05:59 CET 2012
STINNER Victor <victor.stinner at haypocalc.com> added the comment:
> At least for Python 2.x hash(str) and hash(unicode) have to yield
> the same result for ASCII only strings.
Ah yes, I forgot Python 2: I wrote my patch for Python 3.3. The two hash functions should be modified to be randomized.
> hash("") should always return 0
Ok, I can add a special case. Antoine told me that hash("") gives prefix ^ suffix, which is too much information for the attacker :-)
> for small strings we could use a different seed
> than for larger strings
Why? The attack doesn't work with short strings? What do you call a "short string"?
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue13703>
_______________________________________
More information about the Python-bugs-list
mailing list