[Python-Dev] Hash collision security issue (now public)
Mark Shannon
mark at hotpy.org
Fri Jan 6 10:18:39 CET 2012
Serhiy Storchaka wrote:
> 06.01.12 02:10, Nick Coghlan написав(ла):
>> Not a good idea - a lot of the 3rd party tests that depend on dict
>> ordering are going to be using those modules anyway, so scattering our
>> solution across half the standard library is needlessly creating
>> additional work without really reducing the incompatibility problem.
>> If we're going to change anything, it may as well be the string
>> hashing algorithm itself.
>
> Changing the string hashing algorithm will hit the general performance
> and also will break down any code that depend on dict ordering.
> Specialized dict slow down only needed parts of some applications.
The minimal proposed change of seeding the hash from a global value (a
single memory read and an addition) will have such a minimal performance
effect that it will be undetectable even on the most noise-free testing
environment.
Cheers,
Mark
More information about the Python-Dev
mailing list