[Python-Dev] Hash collision security issue (now public)
Serhiy Storchaka
storchaka at gmail.com
Thu Jan 5 23:15:31 CET 2012
05.01.12 21:14, Glenn Linderman написав(ла):
> So, fixing the vulnerable packages could be a sufficient response,
> rather than changing the hash function. How to fix? Each of those
> above allocates and returns a dict. Simply have each of those allocate
> and return and wrapped dict, which has the following behaviors:
>
> i) during __init__, create a local, random, string.
> ii) for all key values, prepend the string, before passing it to the
> internal dict.
Good idea.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: SafeDict.py
Type: text/x-python
Size: 1923 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/python-dev/attachments/20120106/99fba4a2/attachment.py>
More information about the Python-Dev
mailing list