[Python-Dev] hash randomization in 3.3

Barry Warsaw barry at python.org
Tue Feb 21 22:33:10 CET 2012


On Feb 21, 2012, at 09:58 PM, Xavier Morel wrote:

>On 2012-02-21, at 21:24 , Brett Cannon wrote:
>> On Tue, Feb 21, 2012 at 15:05, Barry Warsaw <barry at python.org> wrote:
>> 
>>> On Feb 21, 2012, at 02:58 PM, Benjamin Peterson wrote:
>>> 
>>>> 2012/2/21 Antoine Pitrou <solipsis at pitrou.net>:
>>>>> 
>>>>> Hello,
>>>>> 
>>>>> Shouldn't it be enabled by default in 3.3?
>>> 
>>> Yes.
>>> 
>>>> Should you be able to disable it?
>>> 
>>> No, but you should be able to provide a seed.
>> 
>> I think that's inviting trouble if you can provide the seed. It leads to a
>> false sense of security in that providing some seed secures them instead of
>> just making it a tad harder for the attack.
>
>I might have misunderstood something, but wouldn't providing a seed always 
>make it *easier* for the attacker, compared to a randomized hash?

I don't think so.  You'd have to somehow coerce the sys.hash_seed out of the
process.  Not impossible perhaps, but unlikely unless the application isn't
written well and leaks that information (which is not Python's fault).

Plus, with randomization enabled, that won't help you much past the current
invocation of Python.

-Barry
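
The point about a seed not carrying past the current invocation can be checked directly. This is an added example, not part of the original message; it uses CPython's `PYTHONHASHSEED` environment variable (rather than the `sys.hash_seed` name used in the message), and the sample key and helper names are assumptions made for illustration.

```python
import os
import subprocess
import sys

# Constructed sample key; str hashing is what the seed affects.
SAMPLE_KEY = "python-dev"


def child_hash(seed_setting, key=SAMPLE_KEY):
    """Return hash(key) as computed by a fresh interpreter process.

    seed_setting is the PYTHONHASHSEED value: "random", or a decimal
    integer string for a fixed seed ("0" disables randomization).
    """
    env = dict(os.environ, PYTHONHASHSEED=seed_setting)
    out = subprocess.run(
        [sys.executable, "-c", "import sys; print(hash(sys.argv[1]))", key],
        env=env, capture_output=True, text=True, check=True,
    )
    return int(out.stdout.strip())


def distinct_hashes(seed_setting, runs=5):
    """Set of hash values observed across `runs` separate invocations."""
    return {child_hash(seed_setting) for _ in range(runs)}


if __name__ == "__main__":
    # Fixed seed: every invocation agrees, so a leaked seed stays useful
    # to whoever learned it for as long as the seed is unchanged.
    print("fixed seed 1234:", distinct_hashes("1234"))
    # Random seed: each process draws its own, so a value learned from
    # one invocation says nothing about the next.
    print("random seed    :", distinct_hashes("random"))
```
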