[issue33919] Expose _PyCoreConfig structure to Python
Nick Coghlan
report at bugs.python.org
Sat Jun 23 23:21:08 EDT 2018
Nick Coghlan <ncoghlan at gmail.com> added the comment:
Back on the original hash seed topic:
1. The exact size of the seed ranges from 128 bits (SIPHash) to 32-bits depending on exactly which hash algorithm you're talking about (https://www.python.org/dev/peps/pep-0456/#hash-secret)
2. While PEP 456 doesn't state it explicitly, my recollection is that omitting the exact hash seed value from the Python level API was a deliberate decision, since one of the *purposes* of PEP 456 was to protect against seed recovery attacks like https://131002.net/siphash/poc.py. Being able to read the seed directly from the sys modules would rather simplify the task of seed recovery :)
Only exposing a `forced_hash_seed` (and hiding randomly generated ones as `forced_hash_seed=None`) seems reasonable though, since those can already be read from os.environ anyway.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue33919>
_______________________________________
More information about the Python-bugs-list
mailing list