[Python-Dev] Counting collisions for the win
Antoine Pitrou
solipsis at pitrou.net
Fri Jan 20 17:31:17 CET 2012
On Fri, 20 Jan 2012 17:17:24 +0100
Victor Stinner <victor.stinner at haypocalc.com> wrote:
> > So I still think we should ditch the paranoia about dictionary order changing,
> > and fix this without counting.
>
> The randomized hash has other issues:
>
> - its security is based on its secret, whereas it looks to be easy to
> compute it (see more details in the issue)

How do you compute the secret? I see two possibilities:

- the application leaks the hash() values: this sounds unlikely since I
  don't see the use case for it;
- the application shows the dict iteration order (e.g. order of HTML
  attributes): then we could add a second per-dictionary secret so that
  the iteration order of a single dict doesn't give any useful
  information about the hash function.

But the bottom line for me is the following:

- randomized hashes eliminate the possibility to use a single exploit
  for all Python-powered applications: for each application, the
  attacker now has to find a way to extract the secret;
- collision counting doesn't eliminate the possibility of generic
  exploits, as Frank Sievertsen has just shown in
  http://mail.python.org/pipermail/python-dev/2012-January/115726.html

Regards

Antoine.
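
An added illustration of the trade-off argued in this message; it is not code from the thread or from CPython. Keyed BLAKE2b stands in for the string hash, and the 256-slot table, the helper names and the sample secrets are assumptions made for the example.

```python
import hashlib
from collections import Counter

NSLOTS = 256  # toy table size (assumption)
# Constructed sample secrets; a real process would draw them from os.urandom().
APP_A = bytes.fromhex("00112233445566778899aabbccddeeff")
APP_B = bytes.fromhex("ffeeddccbbaa99887766554433221100")
DICT_1, DICT_2 = b"dict-1", b"dict-2"  # hypothetical per-dictionary secrets

def slot(key, process_secret=b"", dict_secret=b""):
    """Table slot for key. Empty secrets model a fixed, publicly known hash."""
    mac = hashlib.blake2b(key.encode(), key=process_secret + dict_secret,
                          digest_size=8)
    return int.from_bytes(mac.digest(), "little") % NSLOTS

def colliding_keys(n, process_secret=b""):
    """Keys of this toy table that all share slot 0 under a known hash."""
    found, i = [], 0
    while len(found) < n:
        key = f"k{i}"
        if slot(key, process_secret) == 0:
            found.append(key)
        i += 1
    return found

def worst_slot_load(keys, process_secret=b"", dict_secret=b""):
    """Size of the fullest slot; len(keys) means one long collision chain."""
    loads = Counter(slot(k, process_secret, dict_secret) for k in keys)
    return max(loads.values())

def iteration_order(keys, process_secret=b"", dict_secret=b""):
    """Order a toy dict would yield its keys in: by slot, then by key."""
    return sorted(keys, key=lambda k: (slot(k, process_secret, dict_secret), k))

if __name__ == "__main__":
    generic = colliding_keys(64)  # one key set, built against the fixed hash
    print("fixed hash, any application:", worst_slot_load(generic))
    print("application A secret       :", worst_slot_load(generic, APP_A))
    print("application B secret       :", worst_slot_load(generic, APP_B))
    # With a per-dictionary secret, two dicts holding the same keys in the
    # same process no longer expose the same iteration order.
    order_1 = iteration_order(generic, APP_A, DICT_1)
    order_2 = iteration_order(generic, APP_A, DICT_2)
    print("same order in both dicts   :", order_1 == order_2)
```

The first figure is the degenerate case every deployment shares when the hash is fixed; under each per-process secret the same key set spreads over the table like any other input.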