[Python-Dev] Hash collision security issue (now public)
Christian Heimes
lists at cheimes.de
Mon Jan 2 16:47:43 CET 2012
Am 01.01.2012 19:45, schrieb Terry Reedy:
> On 1/1/2012 10:13 AM, Guido van Rossum wrote:
>> PS. Is the collision-generator used in the attack code open source?
>
> As I posted before, Alexander Klink and Julian Wälde gave their project
> email as hashDoS at alech.de. Since they indicated disappointment in not
> hearing from Python, I presume they would welcome engagement.
Somebody should contact Alexander and Julian to let them know, that we
are working on the matter. It should be somebody "official" for the
initial contact, too. I've included Guido (BDFL), Barry (their initial
security contact) and MvL (most prominent German core dev) in CC, as
they are the logical choice for me.
I'm willing to have a phone call with them once the contact has been
established. IMHO it's slightly easier to talk in native tongue --
Alexander and Julian are German, too.
Christian
More information about the Python-Dev
mailing list