[Python-Dev] Make str/bytes hash algorithm pluggable?

Antoine Pitrou solipsis at pitrou.net
Fri Oct 4 17:57:11 CEST 2013


On Fri, 04 Oct 2013 17:13:32 +0200,
martin at v.loewis.de wrote:
> 
> Whether this is a serious threat or not depends on what other threats
> the system being attacked is vulnerable to. Maybe there is something
> even simpler, or maybe the hash attack is the only hope of bringing
> the system to its knees.
> 
> IMO, the hash attack is particularly tricky since it is very easy to
> argue and very difficult to demonstrate.

If you know how to generate colliding hashes, it's actually relatively
easy to demonstrate, assuming you know how a particular Web application
processes its incoming requests (which you do if it's a standard Web
application such as hgweb).

Regards

Antoine.



