[Python-Dev] Hash collision security issue (now public)
timothy.c.delaney at gmail.com
Thu Dec 29 20:59:47 CET 2011
+1 to option d (host-based salt) but would need to consistently order the
hostnames/addresses to guarantee that all processes on the same machine got
the same salt by default.
+1 to option c (environment variable) as an override. And/or maybe an
override on the command line.
+1 to implementing the salt in the dictionary hash as an additive value.
+0 to exposing the salt as a constant (3.3+ only) - or alternatively expose
a hash function that just takes an existing hash and returns the salted
hash. That would make it very easy for anything that wanted a salted hash
to get one.
For choosing the default salt, I think something like:
a. If IPv6 is enabled, take the link-local address of the interface with
the default route. Pretty much guaranteed not to change, can't be
determined externally (salting doesn't need a secret, but it doesn't hurt),
large number so probably a good salt. (If it is likely to change, a salt
override should be being used instead). Don't use any other IPv6 address.
In particular, never use a "temporary" IPv6" address like Windows assigns -
multiprocessing could end up with instances with different salts.
b. Take the FQDN of the machine.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Python-Dev