[Python-Dev] Status of the fix for the hash collision vulnerability
Gregory P. Smith
greg at krypto.org
Sat Jan 14 20:17:01 CET 2012
My patch example does change the bytes object hash as well as Unicode.
On Jan 13, 2012 7:46 PM, <martin at v.loewis.de> wrote:
> What an implementation looks like:
>> some stuff to be filled in, but this is all that is really required.
> I think this statement (and the patch) is wrong. You also need to change
> the byte string hashing, at least for 2.x. This I consider the biggest
> flaw in that approach - other people may have written string-like objects
> which continue to compare equal to a string but now hash different.
> Python-Dev mailing list
> Python-Dev at python.org
> Unsubscribe: http://mail.python.org/**mailman/options/python-dev/**
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Python-Dev