[Python-Dev] Hash collision security issue (now public)
Paul Moore
p.f.moore at gmail.com
Fri Jan 6 21:52:55 CET 2012
On 6 January 2012 20:25, Mark Shannon <mark at hotpy.org> wrote:
> Hi,
>
> It seems to me that half the folk discussing this issue want a super-strong,
> resist-all-hypothetical-attacks hash with little regard to performance. The
> other half want no change or a change that will have no observable effect.
> (I may be exaggerating a little.)
>
> Can I propose the following, half-way proposal:
>
> 1. Since there is a published vulnerability,
> that we fix it with the most efficient solution proposed so far:
> http://bugs.python.org/file24143/random-2.patch
>
> 2. Decide which versions of Python this should be applied to.
> 3.3 seems a given, the other are open to debate.
>
> 3. If and only if (and I think this unlikely) the solution chosen is shown
> to be vulnerable to a more sophisticated attack then a new issue should be
> opened and dealt with separately.
+1
Paul
More information about the Python-Dev
mailing list