[Python-Dev] Hash collision security issue (now public)
steve at pearwood.info
Fri Jan 6 01:07:27 CET 2012
David Malcolm wrote:
> When backporting the fix to ancient python versions, I'm inclined to
> turn the change *off* by default, requiring the change to be enabled via
> an environment variable: I want to avoid breaking existing code, even if
> such code is technically relying on non-guaranteed behavior. But we
> could potentially tweak mod_python/mod_wsgi so that it defaults to *on*.
> That way /usr/bin/python would default to the old behavior, but web apps
> would have some protection. Any such logic here also suggests the need
> for an attribute in the sys module so that you can verify the behavior.
Surely the way to verify the behaviour is to run this from the shell:

    python -c 'print(hash("abcde"))'

twice, and see that the calls return different values. (Or have I
misunderstood the way the fix is going to work?)

In any case, I wouldn't want to rely on the presence of a flag in the sys
module to verify the behaviour; I'd want to see for myself that hash
collisions are no longer predictable.
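
Added example, not part of the original message or of CPython's own code: the two-run check described above, automated over fresh interpreters and compared against the interpreter's flag. PYTHONHASHSEED and sys.flags.hash_randomization are the names used in released CPython (they do not appear in this thread); probe(), survey(), verdict() and the seed values are constructed for illustration, and Python 3 with randomization on by default is assumed.

```python
import os
import subprocess
import sys

# Child program: print the string hash and the interpreter's own flag.
PROBE = 'import sys; print(hash("abcde"), sys.flags.hash_randomization)'


def probe(seed):
    """Start a fresh interpreter with PYTHONHASHSEED=seed; return (hash, flag)."""
    env = dict(os.environ)
    env["PYTHONHASHSEED"] = str(seed)
    out = subprocess.check_output([sys.executable, "-c", PROBE], env=env)
    value, flag = out.decode().split()
    return int(value), int(flag)


def survey(seed, runs=5):
    """Return the distinct hashes and distinct flag values seen over several runs."""
    results = [probe(seed) for _ in range(runs)]
    return {h for h, _ in results}, {f for _, f in results}


def verdict(seed, runs=5):
    """Classify a setting by what was observed, not by what the flag claims."""
    hashes, flags = survey(seed, runs)
    flag_on = 0 not in flags
    if len(hashes) > 1:
        return "unpredictable"
    return "predictable despite flag" if flag_on else "predictable"


if __name__ == "__main__":
    # Constructed sample settings: per-process random seed, a pinned seed, and off.
    for seed in ("random", 12345, 0):
        print(seed, verdict(seed))
```

A pinned non-zero seed leaves the flag set while every run returns the same hash, which is the case where reading the flag alone gives the wrong answer.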