[issue13703] Hash collision security issue
Antoine Pitrou
report at bugs.python.org
Thu Jan 19 00:46:12 CET 2012
Antoine Pitrou <pitrou at free.fr> added the comment:
> > As much as the counting idea rubs me wrong,
>
> FWIW, the original 2003 paper reported that the url-caching system that
> they tested used collision-counting to evade attacks.

I think that was DJB's DNS server/cache actually.

But deciding to limit collisions in a specific application is not the
same as limiting them in the general case. Python dicts have a lot of
use cases that are not limited to storing URL parameters, domain names
or instance attributes: there is a greater risk of meeting pathological
cases with legitimate keys.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue13703>
_______________________________________
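
An added illustration of the concern raised in the message above (not code from the thread or from CPython): a toy chained hash table that rejects an insert after too many collisions, fed constructed, non-adversarial keys. `CountingTable`, `TooManyCollisions`, `first_rejected`, the 64-bucket size and the limit of 8 are assumptions made for the example; CPython's dict uses open addressing and a different probing scheme.

```python
class TooManyCollisions(Exception):
    """Raised when one insert walks past more than `limit` colliding keys."""


class CountingTable:
    """Toy chained hash table with a per-insert collision limit (hypothetical)."""

    def __init__(self, buckets=64, limit=8):
        self.buckets = [[] for _ in range(buckets)]
        self.limit = limit

    def insert(self, key, value):
        chain = self.buckets[hash(key) % len(self.buckets)]
        collisions = 0
        for i, (k, _) in enumerate(chain):
            if k == key:
                chain[i] = (key, value)  # overwrite: same key, not a collision
                return collisions
            collisions += 1
            if collisions > self.limit:
                raise TooManyCollisions(f"{collisions} collisions inserting {key!r}")
        chain.append((key, value))
        return collisions


def first_rejected(keys, **kw):
    """Insert keys in order; return the index of the first rejected key, or None."""
    table = CountingTable(**kw)
    for i, key in enumerate(keys):
        try:
            table.insert(key, None)
        except TooManyCollisions:
            return i
    return None


# Constructed sample inputs, none of them adversarial.
sequential_ids = list(range(500))                 # spread evenly over all buckets
aligned_offsets = [n * 4096 for n in range(500)]  # page-aligned values, all 0 mod 64

if __name__ == "__main__":
    # hash(n) == n for small non-negative ints, so the bucket is simply n % 64.
    print("sequential ids rejected at index:", first_rejected(sequential_ids))
    print("aligned offsets rejected at index:", first_rejected(aligned_offsets))
```

A limit tuned for one key population (here, sequential ids) starts refusing inserts for another legitimate population whose hashes share their low bits, which is the general-case risk the message describes.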