[Python-Dev] [issue13703] Hash collision security issue
Antoine Pitrou
solipsis at pitrou.net
Sat Jan 28 01:32:42 CET 2012
> I don't consider it mandatory to fix all issues with hash collision.
> In fact, none of the strategies fixes all issues with hash collisions;
> even the hash-randomization solutions only deal with string keys, and
> don't consider collisions on non-string keys.
How so? None of the patches did, but I think it was said several times
that other types (int, tuple, float) could also be converted to use
randomized hashes. What's more, there isn't any technical difficulty in
doing so.
And once you have randomized the hashes for these 4 or 5 built-in
types, most third-party types follow since the common case of a
__hash__ implementation is to call hash() on one or several
constituents.
Regards
Antoine.
More information about the Python-Dev
mailing list