[Python-Dev] [issue13703] Hash collision security issue

martin at v.loewis.de martin at v.loewis.de
Sat Jan 28 01:53:40 CET 2012

> How so? None of the patches did, but I think it was said several times
> that other types (int, tuple, float) could also be converted to use
> randomized hashes. What's more, there isn't any technical difficulty in
> doing so.

The challenge again is about incompatibility: the more types you apply this
to, the higher the risk of breaking third-party code.

Plus you still risk that the hash seed might leak out of the application,
opening it up again to the original attack.

More information about the Python-Dev mailing list