[Python-Dev] hash randomization in 3.3
Xavier Morel
python-dev at masklinn.net
Tue Feb 21 21:58:18 CET 2012
On 2012-02-21, at 21:24 , Brett Cannon wrote:
> On Tue, Feb 21, 2012 at 15:05, Barry Warsaw <barry at python.org> wrote:
>
>> On Feb 21, 2012, at 02:58 PM, Benjamin Peterson wrote:
>>
>>> 2012/2/21 Antoine Pitrou <solipsis at pitrou.net>:
>>>>
>>>> Hello,
>>>>
>>>> Shouldn't it be enabled by default in 3.3?
>>
>> Yes.
>>
>>> Should you be able to disable it?
>>
>> No, but you should be able to provide a seed.
>
> I think that's inviting trouble if you can provide the seed. It leads to a
> false sense of security in that providing some seed secures them instead of
> just making it a tad harder for the attack.
I might have misunderstood something, but wouldn't providing a seed always
make it *easier* for the attacker, compared to a randomized hash?
More information about the Python-Dev
mailing list