[Python-Dev] Status of the fix for the hash collision vulnerability

Guido van Rossum guido at python.org
Sat Jan 14 02:38:02 CET 2012

On Fri, Jan 13, 2012 at 5:17 PM, Antoine Pitrou <solipsis at pitrou.net> wrote:

> On Thu, 12 Jan 2012 18:57:42 -0800
> Guido van Rossum <guido at python.org> wrote:
> > Hm... I started out as a big fan of the randomized hash, but thinking
> more
> > about it, I actually believe that the chances of some legitimate app
> having
> > >1000 collisions are way smaller than the chances that somebody's code
> will
> > break due to the variable hashing.
> Breaking due to variable hashing is deterministic: you notice it as
> soon as you upgrade (and then you use PYTHONHASHSEED to disable
> variable hashing). That seems better than unpredictable breaking when
> some legitimate collision chain happens.

Fair enough. But I'm now uncomfortable with turning this on for bugfix
releases. I'm fine with making this the default in 3.3, just not in 3.2,
3.1 or 2.x -- it will break too much code and organizations will have to
roll back the release or do extensive testing before installing a bugfix
release -- exactly what we *don't* want for those.

FWIW, I don't believe in the SafeDict solution -- you never know which
dicts you have to change.

--Guido van Rossum (python.org/~guido)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20120113/b7b4c44f/attachment.html>

More information about the Python-Dev mailing list