[issue13703] Hash collision security issue
Jim Jewett
report at bugs.python.org
Tue Feb 14 21:34:56 CET 2012
Jim Jewett <jimjjewett at gmail.com> added the comment:
On Mon, Feb 13, 2012 at 3:37 PM, Dave Malcolm
<dmalcolm at redhat.com> added the comment:
> * added comments about the special-casing of length 0:
> /*
> We make the hash of the empty string be 0, rather than using
> (prefix ^ suffix), since this slightly obfuscates the hash secret
> */
Frankly, other short strings may give away even more, because you can
put several into the same dict.
I would prefer that the randomization not kick in until strings are at
least 8 characters, but I think excluding length 1 is a pretty obvious
win.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue13703>
_______________________________________
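
An added illustration of the point discussed above; it is not part of the message or of the patch under review. It assumes the randomized hash is the multiply-XOR string hash with a secret prefix mixed in first and a secret suffix XORed in last (the -1 result remapping is omitted); `randomized_hash`, `one_byte_differences` and the secret values are hypothetical names and constructed data.

```python
MASK = (1 << 64) - 1      # model a 64-bit unsigned hash value
MULTIPLIER = 1000003      # multiplier of the assumed multiply-XOR string hash


def randomized_hash(data: bytes, prefix: int, suffix: int,
                    special_case_empty: bool = True) -> int:
    """Model of a prefix/suffix-randomized string hash (assumed construction)."""
    if not data:
        # The special case from the quoted comment: return 0 instead of
        # prefix ^ suffix, which would hand out the XOR of both secrets.
        return 0 if special_case_empty else (prefix ^ suffix) & MASK
    x = (prefix ^ (data[0] << 7)) & MASK
    for byte in data:
        x = ((MULTIPLIER * x) & MASK) ^ byte
    return x ^ len(data) ^ (suffix & MASK)


def one_byte_differences(prefix: int, suffix: int) -> list:
    """XOR the hash of every 1-byte key with the hash of the zero byte."""
    base = randomized_hash(bytes([0]), prefix, suffix)
    return [base ^ randomized_hash(bytes([c]), prefix, suffix)
            for c in range(256)]


# Constructed secrets, for illustration only.
PREFIX = 0x0123456789ABCDEF
SUFFIX_A = 0x0F1E2D3C4B5A6978
SUFFIX_B = 0xFEDCBA9876543210

if __name__ == "__main__":
    # Without the special case, the empty string exposes prefix ^ suffix.
    print(hex(randomized_hash(b"", PREFIX, SUFFIX_A, special_case_empty=False)))
    # Same prefix, different suffix: the differences are identical, so the
    # suffix hides nothing once two short keys can be compared.
    print(one_byte_differences(PREFIX, SUFFIX_A)
          == one_byte_differences(PREFIX, SUFFIX_B))
```

In this model the suffix cancels whenever two hashes are XORed together, which is why several short keys observed together carry information that the length-0 special case alone does not protect.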