[Python-Dev] Hash collision security issue (now public)

Anders J. Munch ajm at flonidan.dk
Mon Jan 2 16:34:00 CET 2012

> On 1/1/2012 12:28 PM, Christian Heimes wrote:
> I understood Alexander Klink and Julian Wälde, hashDoS at alech.de, as
> saying that they consider that using a random non-zero start value is
> sufficient to make the hash non-vulnerable.

Sufficient against their current attack.  But will it last?  For a
long-running server, there must be plenty of ways information can leak
that will help guessing that start value.

The alternative, to provide a dict-like datastructure for use with
untrusted input, deserves consideration.  Perhaps something simpler
than a balanced tree would do?  How about a dict-like class that is
built on a lazily sorted list?  Insertions basically just do
list.append and set a dirty-flag, and lookups use bisect - sorting
first if the dirty-flag is set.  It wouldn't be complete dict
replacement by any means, mixing insertions and lookups would have
terrible performance, but for something like POST parameters it should
be good enough.

I half expected to find something like that on activestate recipes
already, but couldn't find any.

regards, Anders

More information about the Python-Dev mailing list