[Python-Dev] Hash collision security issue (now public)

Terry Reedy tjreedy at udel.edu
Thu Dec 29 23:28:22 CET 2011

On 12/29/2011 4:31 PM, Christian Heimes wrote:

> The hash randomization idea adds a salt to throw the attacker of course.
> Instead of
>    position = hash&  mask
> it's now
>    hash = salt + hash

As I understood the talk (actually, the bit of Perl interpreter C code 
shown), the randomization is to change hash(s) to hash(salt+s) so that 
the salt is completely mixed into the hash from the beginning, rather 
than just tacked on at the end.

Terry Jan Reedy

More information about the Python-Dev mailing list