[Python-Dev] Make str/bytes hash algorithm pluggable?

Guido van Rossum guido at python.org
Thu Oct 3 21:45:10 CEST 2013


On Thu, Oct 3, 2013 at 12:23 PM, Christian Heimes <christian at python.org> wrote:

> On 03.10.2013 21:05, Guido van Rossum wrote:
> > Hm. I would like to stick to the philosophy that Python's hash
> > should be as fast as it possibly can be, and should not be mistaken
> > for a cryptographic hash. The point is to optimize dict lookups,
> > nothing more, given typical (or even atypical) key distribution,
> > not to thwart deliberate attacks. We already have adopted a feature
> > that plugged most viable attacks on web apps, I think that's
> > enough. I also agree with Antoine's response.
>
> Python's hash is neither as fast nor as secure as it can possibly be.
>

But fixing that shouldn't need all the extra stuff you're proposing.

> It's not as fast because it doesn't use the full power of modern CPUs.
> In most cases the code processes only 1 or 2 bytes per cycle instead
> of 8 bytes on 64-bit architectures. Jean-Philippe Aumasson and Daniel
> J. Bernstein (who are coincidentally the authors of SipHash) have
> shown how to recover Python randomization keys.
>

What's a Python randomization key?


> SipHash:
>   more secure and about same speed on most systems
>

Same speed as what?


> optimized FNV:
>   faster but with a known issue
>

What issue?

-- 
--Guido van Rossum (python.org/~guido)