[Python-Dev] Hash collision security issue (now public)
Georg Brandl
g.brandl at gmx.net
Mon Jan 2 18:38:41 CET 2012
On 01/02/2012 04:47 PM, Christian Heimes wrote:
> Am 01.01.2012 19:45, schrieb Terry Reedy:
>> On 1/1/2012 10:13 AM, Guido van Rossum wrote:
>>> PS. Is the collision-generator used in the attack code open source?
>>
>> As I posted before, Alexander Klink and Julian Wälde gave their project
>> email as hashDoS at alech.de. Since they indicated disappointment in not
>> hearing from Python, I presume they would welcome engagement.
>
> Somebody should contact Alexander and Julian to let them know, that we
> are working on the matter. It should be somebody "official" for the
> initial contact, too. I've included Guido (BDFL), Barry (their initial
> security contact) and MvL (most prominent German core dev) in CC, as
> they are the logical choice for me.
>
> I'm willing to have a phone call with them once the contact has been
> established. IMHO it's slightly easier to talk in native tongue --
> Alexander and Julian are German, too.
I wouldn't expect too much -- they seem rather keen on cheap laughs:
http://twitter.com/#!/bk3n/status/152068096448921600/photo/1/large
Georg
More information about the Python-Dev
mailing list