[Python-Dev] [issue13703] Hash collision security issue
martin at v.loewis.de
martin at v.loewis.de
Sat Jan 28 01:53:40 CET 2012
> How so? None of the patches did, but I think it was said several times
> that other types (int, tuple, float) could also be converted to use
> randomized hashes. What's more, there isn't any technical difficulty in
> doing so.
The challenge again is about incompatibility: the more types you apply this
to, the higher the risk of breaking third-party code.
Plus you still risk that the hash seed might leak out of the application,
opening it up again to the original attack.
More information about the Python-Dev
mailing list