[issue13703] Hash collision security issue
Martin
report at bugs.python.org
Sun Jan 8 00:53:45 CET 2012
Martin <gzlist at googlemail.com> added the comment:
I built random-2.patch on my windows xp box (updating the project and fixing some compile errors in random.c required), and initialising crypto has a noticeable impact on startup time. The numbers vary a fair bit naturally, two representative runs are as follows:
changeset 52796:1ea8b7233fd7 on default branch:
>timeit %PY3K% -c "import sys;print(sys.version)"
3.3.0a0 (default, Jan 7 2012, 00:12:45) [MSC v.1500 32 bit (Intel)]
Version Number: Windows NT 5.1 (Build 2600)
Exit Time: 0:16 am, Saturday, January 7 2012
Elapsed Time: 0:00:00.218
Process Time: 0:00:00.187
System Calls: 4193
Context Switches: 445
Page Faults: 1886
Bytes Read: 642542
Bytes Written: 272
Bytes Other: 31896
with random-2.patch and fixes applied:
>timeit %PY3K% -c "import sys;print(sys.version)"
3.3.0a0 (default, Jan 7 2012, 00:58:32) [MSC v.1500 32 bit (Intel)]
Version Number: Windows NT 5.1 (Build 2600)
Exit Time: 0:59 am, Saturday, January 7 2012
Elapsed Time: 0:00:00.296
Process Time: 0:00:00.234
System Calls: 4712
Context Switches: 642
Page Faults: 2049
Bytes Read: 1059381
Bytes Written: 272
Bytes Other: 34544
This is with hot caches, cold will likely be worse, but a smaller percentage change. On a faster box, or with an SSD, or win 7, the delta will likely be smaller too.
A 50-100ms slow down is consistent with the difference on Python 2.7 between calling `os.urandom(1)` or not. However, the baseline is faster with Python 2, frequently dipping under 100ms, so there this change could double the runtime of trivial scripts.
----------
nosy: +gz
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue13703>
_______________________________________
More information about the Python-bugs-list
mailing list