[Python-Dev] hash randomization in 3.3

Antoine Pitrou solipsis at pitrou.net
Wed Feb 22 19:26:11 CET 2012


On Wed, 22 Feb 2012 12:59:33 -0500
Barry Warsaw <barry at python.org> wrote:

> On Feb 22, 2012, at 09:04 PM, Stephen J. Turnbull wrote:
> 
> >Brett Cannon writes:
> >
> > > I think that's inviting trouble if you can provide the seed. It leads to a
> > > false sense of security
> >
> >I thought the point of providing the seed was for reproducibility of
> >tests and the like?
> >
> >As for "false sense", can't we document this and chalk up hubristic
> >behavior to "consenting adults"?
> 
> +1

How is it a "false sense of security" at all? It's the same as
setting a private secret for e.g. session cookies in Web applications.
As long as you don't leak the seed, it's (should be) secure.

(the only hypothetical issue being with Victor's choice of an LCG
pseudo-random generator to generate the secret from the seed)

Regards

Antoine.
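
The reproducibility and keep-the-seed-secret points from this thread, as an added example that is not part of the original message or of CPython's code. It assumes the `PYTHONHASHSEED` environment variable as shipped in CPython 3.3 and later, which the message does not name; the probe string, the seed values and the helper names are constructed for illustration.

```python
import os
import subprocess
import sys

# Constructed probe: the child interpreter prints the hash of a sample string.
PROBE = "print(hash('python-dev'))"


def hash_in_child(seed):
    """Return hash('python-dev') as computed by a fresh interpreter.

    seed is the PYTHONHASHSEED value: a decimal string, "0" (randomization
    disabled) or "random" (a fresh secret for every process).
    """
    env = dict(os.environ, PYTHONHASHSEED=seed)
    out = subprocess.check_output([sys.executable, "-c", PROBE], env=env)
    return int(out.decode().strip())


def seed_report():
    """Compare str hashes across processes for fixed and random seeds."""
    fixed_a = hash_in_child("12345")   # constructed seed value
    fixed_b = hash_in_child("12345")   # same seed, separate process
    other = hash_in_child("54321")     # different constructed seed
    rand = {hash_in_child("random") for _ in range(3)}
    return {
        # Same seed => same hashes: useful for reproducing a test failure,
        # and the reason the seed must be treated like any other secret.
        "fixed_seed_reproducible": fixed_a == fixed_b,
        # A different seed gives an unrelated hash for the same string.
        "seed_changes_hash": fixed_a != other,
        # With "random", each process draws its own secret.
        "random_distinct_values": len(rand),
    }


if __name__ == "__main__":
    for name, value in seed_report().items():
        print(name, value)
```

A deployment that pins the seed for reproducibility should store it with the same care as a session-cookie signing key, since anyone holding it can recompute every string hash the process will produce.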



