[Python-Dev] Make str/bytes hash algorithm pluggable?
Victor Stinner
victor.stinner at gmail.com
Sat Oct 5 01:14:52 CEST 2013
2013/10/5 Larry Hastings <larry at hastings.org>:
> On 10/04/2013 11:15 AM, Victor Stinner wrote:
>
> 2013/10/4 Armin Rigo <arigo at tunes.org>:
>
> The current hash randomization is
> simply not preventing anything; someone posted long ago a way to
> recover bit-by-bit the hash randomized used by a remote web program in
> Python running on a server.
>
> Oh interesting, is it public?
>
>
> http://events.ccc.de/congress/2012/Fahrplan/events/5152.en.html
>
> Quoting the synopsis:
>
> We also describe a vulnerability of Python's new randomized hash, allowing
> an attacker to easily recover the 128-bit secret seed.
SipHash homepage contains a "proof of concept" to compute the secret:
https://131002.net/siphash/poc.py
But the script is not an exploit on a web server, but a script running
locally. It requires for example to know the hash of strings "\0" and
"\0\0". I would like to know if it's possible to retrieve such
information in practice.
And how do you retrieve the whole hash value from an HTTP page? You
may retrieve some bits using specific HTTP requests, but not directly
the whole hash value. I don't know any web page displaying directly
the hash value of a string coming from the user request!?
I'm not saying that the hash DoS does not exist, I'm just trying to
estimate the risk (compared to other DoS attacks). Changing the
default hash function is also risky and has a (well, minor) impact on
performances.
Victor
More information about the Python-Dev
mailing list