[Python-Dev] Hash collision security issue (now public)
lists at cheimes.de
Sun Jan 1 17:34:31 CET 2012
Am 01.01.2012 17:09, schrieb Antoine Pitrou:
> On Sun, 01 Jan 2012 16:48:32 +0100
> Christian Heimes <lists at cheimes.de> wrote:
>> The talkers claim and have shown that it's too easy to pre-calculate
>> collisions with hashing algorithms similar to DJBX33X / DJBX33A. It
>> might be a good idea to change the hashing algorithm, too. Paul as
>> listed some new algorithms. Ruby 1.9 is using FNV
>> http://isthe.com/chongo/tech/comp/fnv/ which promises to be fast with a
>> good dispersion pattern.
> We already seem to be using a FNV-alike, is it just a matter of
> changing the parameters?
No, we are using something similar to DJBX33X. FNV is a completely
different type of hash algorithm.
More information about the Python-Dev