[Python-Dev] plugging the hash attack

martin at v.loewis.de martin at v.loewis.de
Sat Jan 28 02:49:26 CET 2012

> 1. Simple hash randomization is the way to go. We think this has the
> best chance of actually fixing the problem while being fairly
> straightforward such that we're comfortable putting it in a stable
> release.
> 2. It will be off by default in stable releases and enabled by an
> envar at runtime. This will prevent code breakage from dictionary
> order changing as well as people depending on the hash stability.

I think this is a good compromise given the widely varying assessments
of the issue.


More information about the Python-Dev mailing list