[Python-Dev] Hash collision security issue (now public)

Terry Reedy tjreedy at udel.edu
Sun Jan 1 19:46:51 CET 2012

On 1/1/2012 12:28 PM, Christian Heimes wrote:
> Am 01.01.2012 17:54, schrieb Antoine Pitrou:
>> I don't understand. FNV-1 multiplies the current running result with a
>> prime and then xors it with the following byte. This is also what we do.
>> (I'm assuming 1000003 is prime)
> There must be a major difference somewhere inside the algorithm. The
> talk at the CCC conference in Berlin mentions that Ruby 1.9 is not
> vulnerable to meet-in-the-middle attacks and Ruby 1.9 uses FNV. The C
> code of FNV is more complex than our code, too.

I understood Alexander Klink and Julian Wälde, hashDoS at alech.de, as 
saying that they consider that using a random non-zero start value is 
sufficient to make the hash non-vulnerable.

Terry Jan Reedy

More information about the Python-Dev mailing list