[Python-Dev] Counting collisions for the win
Frank Sievertsen
pydev at sievertsen.de
Fri Jan 20 23:35:42 CET 2012
Am 20.01.2012 16:33, schrieb Guido van Rossum:
> (I'm thinking that the original attack is trivial once the set of
> 65000 colliding keys is public knowledge, which must be only a matter
> of time.
I think it's very likely that this will happen soon.
For ASP and PHP there is attack-payload publicly available.
PHP and ASP have patches to limit the number of query-variables.
We're very lucky that there's no public payload for python yet,
and all non-public software and payload I'm aware of is based
upon my software.
But this can change any moment. It's not really difficult to
write software to create 32bit-collisions.
Frank
More information about the Python-Dev
mailing list