[Python-Dev] hash randomization in 3.3
Brett Cannon
brett at python.org
Tue Feb 21 22:31:17 CET 2012
On Tue, Feb 21, 2012 at 15:58, Xavier Morel <python-dev at masklinn.net> wrote:
> On 2012-02-21, at 21:24 , Brett Cannon wrote:
> > On Tue, Feb 21, 2012 at 15:05, Barry Warsaw <barry at python.org> wrote:
> >
> >> On Feb 21, 2012, at 02:58 PM, Benjamin Peterson wrote:
> >>
> >>> 2012/2/21 Antoine Pitrou <solipsis at pitrou.net>:
> >>>>
> >>>> Hello,
> >>>>
> >>>> Shouldn't it be enabled by default in 3.3?
> >>
> >> Yes.
> >>
> >>> Should you be able to disable it?
> >>
> >> No, but you should be able to provide a seed.
> >
> > I think that's inviting trouble if you can provide the seed. It leads to
> a
> > false sense of security in that providing some seed secures them instead
> of
> > just making it a tad harder for the attack.
>
> I might have misunderstood something, but wouldn't providing a seed always
> make it *easier* for the attacker, compared to a randomized hash?
>
Yes, that was what I was trying to convey.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20120221/3e6670a1/attachment.html>
More information about the Python-Dev
mailing list