[issue13703] Hash collision security issue
Martin v. Löwis
report at bugs.python.org
Mon Jan 30 09:16:06 CET 2012
Martin v. Löwis <martin at v.loewis.de> added the comment:
> Rather than the "" empty string for off I suggest an explicit string
> that makes it clear what the meaning is. PYTHONHASHSEED="disabled"
> perhaps.
>
> Agreed, if we can have a single env var that is preferred. It is more
> obvious that the PYTHONHASHSEED env var. has no effect when it is set
> to a special value rather than when it is set to something but it is
> configured to be ignored by a _different_ env var.
I think this is bike-shedding. The requirements for environment
variables are
a) with no variable set, it must not do randomization
b) there must be a way to seed from the platform's RNG
Having an explicit seed actually is no requirement, so I'd propose
to drop PYTHONHASHSEED instead.
However, I really suggest to let the patch author (Dave Malcolm)
design the API within the constraints.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue13703>
_______________________________________
More information about the Python-bugs-list
mailing list