[Python-Dev] Hash collision security issue (now public)

Glenn Linderman v+python at g.nevcal.com
Fri Jan 6 04:46:53 CET 2012

On 1/5/2012 5:52 PM, Steven D'Aprano wrote:
> At some point, presuming that there is no speed penalty, the behaviour 
> will surely become not just enabled by default but mandatory. Python 
> has never promised that hashes must be predictable or consistent, so 
> apart from backwards compatibility concerns for old versions, future 
> versions of Python should make it mandatory. Presuming that there is 
> no speed penalty, I'd argue in favour of making it mandatory for 3.3. 
> Why do we need a flag for something that is going to be always on? 

I think the whole paragraph is invalid, because it presumes there is no 
speed penalty.  I presume there will be a speed penalty, until 
benchmarking shows otherwise.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20120105/e1afef47/attachment.html>

More information about the Python-Dev mailing list