[Python-Dev] Counting collisions for the win

Tres Seaver tseaver at palladion.com
Fri Jan 20 20:36:56 CET 2012


On 01/20/2012 02:04 PM, Donald Stufft wrote:

> Even if a MemoryException is raised I believe that is still a 
> fundamental change in the documented contract of dictionary API.

How so?  Dictionary inserts can *already* raise that error.

> I don't believe there is a way to fix this without breaking someone's
> application. The major difference I see between the two solutions is
> that counting will break people's applications who are otherwise
> following the documented API contract of dictionaries,

Do you have a case in mind where legitimate user data (not crafted as
part of a DoS attack) would trip the 1000-collision limit?  How likely is
it that such cases exist in already-deployed applications, compared to
the known breakage in existing applications due to hash randomization?

> and randomization will break people's applications who are violating
> the documented API contract of dictionaries.
> Personally I feel that the lesser of two evils is to reward those who
> followed the documentation, and not reward those who didn't.

Except that I think your set is purely hypothetical, while the second set
is *lots* of deployed applications.

-- 
Tres Seaver          +1 540-429-0999          tseaver at palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
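
Added example, not part of the original message and not the patch under discussion: a toy open-addressing table that counts collisions per insert and refuses an insert past the 1000-collision limit mentioned above. `CountingTable`, `TooManyCollisions`, `run` and both key sets are hypothetical and constructed here; the linear probing is a simplification, not CPython's dict algorithm.

```python
import random

COLLISION_LIMIT = 1000  # the limit discussed in the thread


class TooManyCollisions(Exception):
    """Hypothetical stand-in for the error a counting dict would raise."""


class CountingTable:
    """Toy open-addressing table with linear probing; not CPython's dict."""

    def __init__(self, size=1 << 16, limit=COLLISION_LIMIT):
        self.mask = size - 1
        self.slots = [None] * size
        self.limit = limit
        self.worst = 0  # most collisions any single insert has needed

    def insert(self, key, h):
        i, collisions = h & self.mask, 0
        while self.slots[i] is not None and self.slots[i] != key:
            collisions += 1
            if collisions > self.limit:
                raise TooManyCollisions(key)
            i = (i + 1) & self.mask
        self.slots[i] = key
        self.worst = max(self.worst, collisions)


def run(keys, hash_fn):
    """Insert keys; return (worst collision count, index of first rejected key or None)."""
    table = CountingTable()
    for n, key in enumerate(keys):
        try:
            table.insert(key, hash_fn(key))
        except TooManyCollisions:
            return table.worst, n
    return table.worst, None


# Constructed inputs: 20,000 well-spread keys vs. 1,500 keys sharing one hash.
rng = random.Random(0)
ordinary = [rng.getrandbits(64) for _ in range(20000)]
degenerate = list(range(1500))

if __name__ == "__main__":
    print("ordinary:  ", run(ordinary, lambda k: k))
    print("degenerate:", run(degenerate, lambda k: 0))
```

The well-spread keys stay far below the limit, while the keys that all share one hash value are rejected once a single insert needs more than 1000 probes.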

