[Python-Dev] Make str/bytes hash algorithm pluggable?

Christian Heimes christian at python.org
Thu Oct 3 21:23:20 CEST 2013


On 03.10.2013 21:05, Guido van Rossum wrote:
> Hm. I would like to stick to the philosophy that Python's hash
> should be as fast as it possibly can be, and should not be mistaken
> for a cryptographic hash. The point is to optimize dict lookups,
> nothing more, given typical (or even atypical) key distribution,
> not to thwart deliberate attacks. We already have adopted a feature
> that plugged most viable attacks on web apps, I think that's
> enough. I also agree with Antoine's response.

Python's hash is neither as fast nor as secure as it can possibly be.

It's not as fast because it doesn't use the full power of modern CPUs.
In most cases the code processes only 1 or 2 bytes per cycle instead
of 8 bytes on 64-bit architectures. Jean-Philippe Aumasson and Daniel
J. Bernstein (who are coincidentally the authors of SipHash) have
shown how to recover Python randomization keys.

SipHash:
  more secure and about same speed on most systems
optimized FNV:
  faster but with a known issue

Christian
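
Added example, not part of the original message and not CPython's implementation: a pure-Python sketch of the two candidates named above, showing standard unkeyed FNV-1a consuming one byte per step next to SipHash-2-4 consuming one 64-bit word per step under a 16-byte secret key. The function names and the demo key are assumptions made for illustration.

```python
import struct

MASK = 0xFFFFFFFFFFFFFFFF  # all arithmetic is modulo 2**64


def fnv1a64(data):
    """Standard unkeyed FNV-1a: one XOR and one multiply per input byte."""
    h = 0xCBF29CE484222325
    for byte in data:
        h = ((h ^ byte) * 0x100000001B3) & MASK
    return h


def _rotl(x, b):
    return ((x << b) | (x >> (64 - b))) & MASK


def _sipround(v0, v1, v2, v3):
    v0 = (v0 + v1) & MASK; v1 = _rotl(v1, 13) ^ v0; v0 = _rotl(v0, 32)
    v2 = (v2 + v3) & MASK; v3 = _rotl(v3, 16) ^ v2
    v0 = (v0 + v3) & MASK; v3 = _rotl(v3, 21) ^ v0
    v2 = (v2 + v1) & MASK; v1 = _rotl(v1, 17) ^ v2; v2 = _rotl(v2, 32)
    return v0, v1, v2, v3


def siphash24(key, data):
    """SipHash-2-4 with a 16-byte secret key; returns a 64-bit integer."""
    if len(key) != 16:
        raise ValueError("SipHash key must be exactly 16 bytes")
    k0, k1 = struct.unpack("<QQ", key)
    v0 = k0 ^ 0x736F6D6570736575
    v1 = k1 ^ 0x646F72616E646F6D
    v2 = k0 ^ 0x6C7967656E657261
    v3 = k1 ^ 0x7465646279746573
    # Zero-pad to a multiple of 8 bytes; the last byte is len(data) mod 256.
    padded = data + b"\x00" * (7 - len(data) % 8) + bytes([len(data) & 0xFF])
    for (m,) in struct.iter_unpack("<Q", padded):  # one 64-bit word per step
        v3 ^= m
        v0, v1, v2, v3 = _sipround(*_sipround(v0, v1, v2, v3))  # 2 rounds
        v0 ^= m
    v2 ^= 0xFF
    for _ in range(4):  # 4 finalization rounds
        v0, v1, v2, v3 = _sipround(v0, v1, v2, v3)
    return v0 ^ v1 ^ v2 ^ v3


if __name__ == "__main__":
    key = bytes(range(16))  # constructed demo key, not a real secret
    print(hex(fnv1a64(b"a")), hex(siphash24(key, bytes(range(15)))))
```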

