[Python-Dev] Hash collision security issue (now public)
Glenn Linderman
v+python at g.nevcal.com
Fri Jan 6 04:46:53 CET 2012
On 1/5/2012 5:52 PM, Steven D'Aprano wrote:
>
> At some point, presuming that there is no speed penalty, the behaviour
> will surely become not just enabled by default but mandatory. Python
> has never promised that hashes must be predictable or consistent, so
> apart from backwards compatibility concerns for old versions, future
> versions of Python should make it mandatory. Presuming that there is
> no speed penalty, I'd argue in favour of making it mandatory for 3.3.
> Why do we need a flag for something that is going to be always on?
I think the whole paragraph is invalid, because it presumes there is no
speed penalty. I presume there will be a speed penalty, until
benchmarking shows otherwise.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20120105/e1afef47/attachment.html>
More information about the Python-Dev
mailing list