[Python-Dev] Hashing proposal: 64-bit hash

Serhiy Storchaka storchaka at gmail.com
Fri Jan 27 20:59:02 CET 2012

As already mentioned, the vulnerability of 64-bit Python rather theoretical and not practical. The size of the hash makes the attack is extremely unlikely. Perhaps the easiest change, avoid 32-bit Python on the vulnerability, will use 64-bit (or more) hash on all platforms. The performance is comparable to the randomization. Keys order depended code will be braked not stronger than when you change the platform or Python feature version. Maybe all the 64 bits used only for strings, and for other objects -- only the lower 32 bits.

More information about the Python-Dev mailing list