[Python-Dev] Hash collision security issue (now public)

Guido van Rossum guido at python.org
Mon Jan 2 19:29:29 CET 2012


On Mon, Jan 2, 2012 at 7:47 AM, Christian Heimes <lists at cheimes.de> wrote:

> Am 01.01.2012 19:45, schrieb Terry Reedy:
> > On 1/1/2012 10:13 AM, Guido van Rossum wrote:
> >> PS. Is the collision-generator used in the attack code open source?
> >
> > As I posted before, Alexander Klink and Julian Wälde gave their project
> > email as hashDoS at alech.de. Since they indicated disappointment in not
> > hearing from Python, I presume they would welcome engagement.
>
> Somebody should contact Alexander and Julian to let them know, that we
> are working on the matter. It should be somebody "official" for the
> initial contact, too. I've included Guido (BDFL), Barry (their initial
> security contact) and MvL (most prominent German core dev) in CC, as
> they are the logical choice for me.
>
> I'm willing to have a phone call with them once the contact has been
> established. IMHO it's slightly easier to talk in native tongue --
> Alexander and Julian are German, too.
>

I'm not sure I see the point -- just give them a link to the python-dev
archives.

-- 
--Guido van Rossum (python.org/~guido)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20120102/1c1c673a/attachment.html>


More information about the Python-Dev mailing list