[Python-Dev] Hash collision security issue (now public)
Terry Reedy
tjreedy at udel.edu
Mon Jan 2 11:25:16 CET 2012
On 1/2/2012 12:55 AM, Paul McMillan wrote:
>> Terry Reedy said:
>> I understood Alexander Klink and Julian Wälde, hashDoS at alech.de, as saying
>> that they consider that using a random non-zero start value is sufficient to
>> make the hash non-vulnerable.
>
> I've been talking to them. They're happy to look at our proposed
> changes. They indicate that a non-zero start value is sufficient to
> prevent the attack, but D. J. Bernstein disagrees with them. He also
> has indicated a willingness to look at our solution.
Great. My main concern currently is that there should be no noticeable
slowdown for 64 bit builds which are apparently not vulnerable and which
therefore would get no benefit.
Terry Jan Reedy
More information about the Python-Dev
mailing list