[Python-Dev] Counting collisions for the win

Victor Stinner victor.stinner at haypocalc.com
Fri Jan 20 17:04:18 CET 2012

> (I'm thinking that the original
> attack is trivial once the set of 65000 colliding keys is public knowledge,
> which must be only a matter of time.)

I have a program able to generate collisions: it takes 1 second to
compute 60,000 colliding strings on a desktop computer. So the
security of the randomized hash is based on the fact than the attacker
cannot compute the secret.


More information about the Python-Dev mailing list