[issue13703] Hash collision security issue
Mark Shannon
report at bugs.python.org
Thu Jan 5 11:41:41 CET 2012
Mark Shannon <mark at hotpy.org> added the comment:

But that's not the issue we are supposed to be dealing with.
A single (genuinely random) seed will deal with the attack described in
the talk and it is (almost) as fast as using 0 as a seed.
Why make things complicated dealing with a hypothetical problem?

>> Why should hash("") always return 0?
>> I can't find it in the docs anywhere.
>
> hash("") should return something constant that doesn't reveal information about the random seeds. 0 is an arbitrary choice that is as good as anything else. hash("") already returns 0, hence my suggestion for 0.

Is special casing arbitrary values really any more secure?
If we special case "", the attacker will just start using "\0" and so on...
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue13703>
_______________________________________