[Python-Dev] plugging the hash attack
ncoghlan at gmail.com
Mon Jan 30 22:07:53 CET 2012
On Tue, Jan 31, 2012 at 3:03 AM, Brett Cannon <brett at python.org> wrote:
> I think that would be good. And I would even argue we remove support for
> turning it off to force people to no longer lean on dict ordering as a
> crutch (in 3.3 obviously).
On-by-default should be enough to cover that. Just as we allow people
to force the random seed to reproduce particular sequences, there's
value in being able to increase determinism in cases where the
collision attack isn't a concern.
Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia
More information about the Python-Dev