[Python-Dev] Counting collisions for the win
Ivan Kozik
ivan at ludios.org
Fri Jan 20 05:06:25 CET 2012
On Fri, Jan 20, 2012 at 03:48, Guido van Rossum <guido at python.org> wrote:
> I think that's because your collision-counting algorithm was much more
> primitive than MAL's.
Conceded.
>> This,
>> combined with the second problem (needing to catch an exception), led
>> me to abandon this approach and write Securetypes, which has a
>> securedict that uses SHA-1. Not that I like this either; I think I'm
>> happy with the randomize-hash() approach.
>
>
> Why did you need to catch the exception? Were you not happy with the program
> simply terminating with a traceback when it got attacked?
No, I wasn't happy with termination. I wanted to treat it just like a
JSON decoding error, and send the appropriate response.
I actually forgot to mention the main reason I abandoned the
stop-at-N-collisions approach. I had a server with a dict that stayed
in memory, across many requests. It was being populated with
identifiers chosen by clients. I couldn't have my server stay broken
if this dict filled up with a bunch of colliding keys. (I don't think
I could have done another thing either, like nuke the dict or evict
some keys.)
Ivan
More information about the Python-Dev
mailing list