[Python-Dev] Hash collision security issue (now public)
Terry Reedy
tjreedy at udel.edu
Thu Dec 29 23:28:22 CET 2011
On 12/29/2011 4:31 PM, Christian Heimes wrote:
> The hash randomization idea adds a salt to throw the attacker of course.
> Instead of
>
> position = hash& mask
>
> it's now
>
> hash = salt + hash
As I understood the talk (actually, the bit of Perl interpreter C code
shown), the randomization is to change hash(s) to hash(salt+s) so that
the salt is completely mixed into the hash from the beginning, rather
than just tacked on at the end.
--
Terry Jan Reedy
More information about the Python-Dev
mailing list