[Python-Dev] Hash collision security issue (now public)

[Tim Delaney]

+1 to option d (host-based salt) but would need to consistently order the
hostnames/addresses to guarantee that all processes on the same machine got
the same salt by default.

+1 to option c (environment variable) as an override. And/or maybe an
override on the command line.

+1 to implementing the salt in the dictionary hash as an additive value.

+0 to exposing the salt as a constant (3.3+ only) - or alternatively expose
a hash function that just takes an existing hash and returns the salted
hash. That would make it very easy for anything that wanted a salted hash
to get one.

For choosing the default salt, I think something like:

a. If IPv6 is enabled, take the link-local address of the interface with
the default route. Pretty much guaranteed not to change, can't be
determined externally (salting doesn't need a secret, but it doesn't hurt),
large number so probably a good salt. (If it is likely to change, a salt
override should be being used instead). Don't use any other IPv6 address.
In particular, never use a "temporary" IPv6" address like Windows assigns -
multiprocessing could end up with instances with different salts.

b. Take the FQDN of the machine.

Tim Delaney
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20111230/3717d78f/attachment.html>