[Python-Dev] Make str/bytes hash algorithm pluggable?
Larry Hastings
larry at hastings.org
Sat Oct 5 08:53:12 CEST 2013
On 10/05/2013 01:14 AM, Victor Stinner wrote:
> And how do you retrieve the whole hash value from an HTTP page? You
> may retrieve some bits using specific HTTP requests, but not directly
> the whole hash value. I don't know any web page displaying directly
> the hash value of a string coming from the user request!?
Armin Rigo handwaves his way through an approach here:
http://bugs.python.org/issue14621#msg173455
You use a "timing attack" to get the algorithm to "leak" a bit at a
time. I have no idea how that actually works; I don't have a background
in security, nor a sufficiently devious mindset to work it out for myself.
//arry/