[Python-Dev] Hash collision security issue (now public)

Serhiy Storchaka storchaka at gmail.com
Thu Jan 5 23:15:31 CET 2012

05.01.12 21:14, Glenn Linderman написав(ла):
> So, fixing the vulnerable packages could be a sufficient response,
> rather than changing the hash function.  How to fix?  Each of those
> above allocates and returns a dict.  Simply have each of those allocate
> and return and wrapped dict, which has the following behaviors:
> i) during __init__, create a local, random, string.
> ii) for all key values, prepend the string, before passing it to the
> internal dict.

Good idea.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: SafeDict.py
Type: text/x-python
Size: 1923 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/python-dev/attachments/20120106/99fba4a2/attachment.py>

More information about the Python-Dev mailing list