[issue13703] Hash collision security issue
Antoine Pitrou
report at bugs.python.org
Wed Jan 25 19:05:27 CET 2012
Antoine Pitrou <pitrou at free.fr> added the comment:
> I'm attaching a revised version of the patch that should fix the above
> issue:
> hybrid-approach-dmalcolm-2012-01-25-002.patch
It looks like that approach will break any non-builtin type (in either C
or Python) which can compare equal to bytes or str objects. If that's
the case, then I think the likelihood of acceptance is close to zero.
Also, the level of complication is far higher than in any other of the
proposed approaches so far (I mean those with patches), which isn't
really a good thing.
So I'm rather -1 myself on this approach, and would much prefer to
randomize hashes in all conditions.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue13703>
_______________________________________
More information about the Python-bugs-list
mailing list