[Python-Dev] hash randomization in 3.3
Brett Cannon
brett at python.org
Tue Feb 21 21:24:59 CET 2012
On Tue, Feb 21, 2012 at 15:05, Barry Warsaw <barry at python.org> wrote:
> On Feb 21, 2012, at 02:58 PM, Benjamin Peterson wrote:
>
> >2012/2/21 Antoine Pitrou <solipsis at pitrou.net>:
> >>
> >> Hello,
> >>
> >> Shouldn't it be enabled by default in 3.3?
>
> Yes.
>
> >Should you be able to disable it?
>
> No, but you should be able to provide a seed.
I think that's inviting trouble if you can provide the seed. It leads to a
false sense of security in that providing some seed secures them instead of
just making it a tad harder for the attack. And it won't help with keeping
compatibility with Python 2.7 installations that don't have randomization
turned on by default. If we are going to allow people to turn this off then
it should be basically the inverse of the default under Python 2.7 and no
more.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20120221/d6253bcc/attachment.html>
More information about the Python-Dev
mailing list