[Python-Dev] Hash collision security issue (now public)
Christian Heimes
lists at cheimes.de
Mon Jan 2 16:18:41 CET 2012
Am 02.01.2012 06:55, schrieb Paul McMillan:
> I think Ruby uses FNV-1 with a salt, making it less vulnerable to
> this. FNV is otherwise similar to our existing hash function.
>
> For the record, cryptographically strong hash functions are in the
> neighborhood of 400% slower than our existing hash function.
I've pushed a new patch
http://hg.python.org/features/randomhash/rev/0a65d2462e0c
The changeset adds the murmur3 hash algorithm with some minor changes,
for example more random seeds. At first I was worried that murmur might
be slower than our old hash algorithm. But in fact it seems to be faster!
Pybench 10 rounds on my Core2 Duo 2.60:
py3k: 3.230 sec
randomahash: 3.182 sec
Christian
More information about the Python-Dev
mailing list