[Python-Dev] Counting collisions for the win

Ivan Kozik ivan at ludios.org
Fri Jan 20 05:06:25 CET 2012

On Fri, Jan 20, 2012 at 03:48, Guido van Rossum <guido at python.org> wrote:
> I think that's because your collision-counting algorithm was much more
> primitive than MAL's.


>> This,
>> combined with the second problem (needing to catch an exception), led
>> me to abandon this approach and write Securetypes, which has a
>> securedict that uses SHA-1.  Not that I like this either; I think I'm
>> happy with the randomize-hash() approach.
> Why did you need to catch the exception? Were you not happy with the program
> simply terminating with a traceback when it got attacked?

No, I wasn't happy with termination.  I wanted to treat it just like a
JSON decoding error, and send the appropriate response.

I actually forgot to mention the main reason I abandoned the
stop-at-N-collisions approach.  I had a server with a dict that stayed
in memory, across many requests.  It was being populated with
identifiers chosen by clients.  I couldn't have my server stay broken
if this dict filled up with a bunch of colliding keys.  (I don't think
I could have done another thing either, like nuke the dict or evict
some keys.)


More information about the Python-Dev mailing list