[Python-Dev] Hash collision security issue (now public)
Christian Heimes
lists at cheimes.de
Thu Dec 29 23:50:16 CET 2011
On 29.12.2011 23:28, Terry Reedy wrote:
> As I understood the talk (actually, the bit of Perl interpreter C code
> shown), the randomization is to change hash(s) to hash(salt+s) so that
> the salt is completely mixed into the hash from the beginning, rather
> than just tacked on at the end.
Yes, the Perl and Ruby code uses a random seed as IV for hash
generation. It's the best way to create randomized hashes but it might
not be a feasible fix for Python 2.x. I'm worried that it might break
applications that rely on stable hash values.
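
The compatibility concern raised in this message, as an added example that is not part of the original post: it checks whether a value derived from the built-in `hash()` survives a change of seed, and shows a seed-independent replacement for data that is persisted or shared between processes. It assumes a CPython release that supports the `PYTHONHASHSEED` environment variable, which is not mentioned in the thread; the helper names and the sample key are constructed for illustration.

```python
import hashlib
import os
import subprocess
import sys


def builtin_hash(text, seed):
    """Return hash(text) from a fresh interpreter started with PYTHONHASHSEED=seed.

    Seed 0 disables randomization; any other integer fixes the seed.
    """
    env = dict(os.environ, PYTHONHASHSEED=str(seed))
    out = subprocess.check_output(
        [sys.executable, "-c", "import sys; print(hash(sys.argv[1]))", text],
        env=env,
    )
    return int(out)


def stable_hash(text):
    """64-bit value that does not depend on the interpreter's hash seed.

    Use this (not hash()) for shard selection, cache keys written to disk,
    or anything compared across processes.
    """
    digest = hashlib.sha256(text.encode("utf-8")).digest()
    return int.from_bytes(digest[:8], "big")


def seed_dependent(text, seeds=(1, 2, 3)):
    """True if hash(text) changes across the given seeds, i.e. code that
    stores or transmits hash(text) breaks once randomization is enabled."""
    return len({builtin_hash(text, s) for s in seeds}) > 1


if __name__ == "__main__":
    key = "session-id"  # constructed sample key
    for seed in (0, 1, 2):
        print("seed", seed, "hash() =", builtin_hash(key, seed))
    print("seed dependent:", seed_dependent(key))
    print("stable_hash    =", stable_hash(key))
```
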