[Python-Dev] Status of the fix for the hash collision ulnerability

Victor Stinner victor.stinner at haypocalc.com
Sun Jan 15 15:27:55 CET 2012


I don't think that it would be hard to patch this library to use
another hash function. It can implement its own hash function, use
MD5, SHA1, or anything else. hash() is not stable accross Python
versions and 32/64 bit systems.

Victor

2012/1/15 Hynek Schlawack <hs at ox.cx>:
> Am Sonntag, 15. Januar 2012 um 05:49 schrieb Steven D'Aprano:
>> > I don't think anyone doubts that this will break lots of code (at least,
>> > the arguments I've heard have been "their code is broken", not "nobody does
>> > that").
>>
>> I don't know about "lots" of code, but it will break at least one library (or
>> so I'm told):
>>
>> http://mail.python.org/pipermail/python-list/2012-January/1286535.html
> Sadly, suds is also Python's _only_ usable SOAP library at this moment. :( (on top of that, the development is in limbo ATM)
>
> _______________________________________________
> Python-Dev mailing list
> Python-Dev at python.org
> http://mail.python.org/mailman/listinfo/python-dev
> Unsubscribe: http://mail.python.org/mailman/options/python-dev/victor.stinner%40haypocalc.com


More information about the Python-Dev mailing list