[issue13703] Hash collision security issue
Dave Malcolm
report at bugs.python.org
Wed Jan 25 20:19:32 CET 2012
Dave Malcolm <dmalcolm at redhat.com> added the comment:
On Wed, 2012-01-25 at 18:05 +0000, Antoine Pitrou wrote:
> Antoine Pitrou <pitrou at free.fr> added the comment:
>
> > I'm attaching a revised version of the patch that should fix the above
> > issue:
> > hybrid-approach-dmalcolm-2012-01-25-002.patch
>
> It looks like that approach will break any non-builtin type (in either C
> or Python) which can compare equal to bytes or str objects. If that's
> the case, then I think the likelihood of acceptance is close to zero.
How?
> Also, the level of complication is far higher than in any other of the
> proposed approaches so far (I mean those with patches), which isn't
> really a good thing.
So would I. I want something I can backport, though.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue13703>
_______________________________________
More information about the Python-bugs-list
mailing list