[Python-Dev] Hash collision security issue (now public)

Victor Stinner victor.stinner at haypocalc.com
Sat Dec 31 03:31:03 CET 2011

Le 29/12/2011 14:19, Christian Heimes a écrit :
> Perhaps the dict code is a better place for randomization.

The problem is the creation of a dict with keys all having the same hash 
value. The current implementation of dict uses a linked-list. Adding a 
new item requires to compare the new key to all existing keys (compare 
the value, not the hash, which is much slower).

We had to change completly how dict is implemented to be able to fix 
this issue. I don't think that we can change the dict implementation 
without breaking backward compatibility or breaking applications. Change 
the implementation would change dict properties, and applications rely 
on the properties of the current implementation.

Tell me if I am wrong.


More information about the Python-Dev mailing list