[Python-Dev] plugging the hash attack

Guido van Rossum guido at python.org
Sat Jan 28 03:40:32 CET 2012


On Fri, Jan 27, 2012 at 5:19 PM, Benjamin Peterson <benjamin at python.org> wrote:
> Hello everyone,
> In an effort to get a fix out before Perl 6 goes mainstream, Barry and I
> have decided to pronounce on what we want for our stable releases.
> What we have decided is that
> 1. Simple hash randomization is the way to go. We think this has the
> best chance of actually fixing the problem while being fairly
> straightforward such that we're comfortable putting it in a stable
> release.
> 2. It will be off by default in stable releases and enabled by an
> envar at runtime. This will prevent code breakage from dictionary
> order changing as well as people depending on the hash stability.

Okay, good call!

-- 
--Guido van Rossum (python.org/~guido)
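
An added example, not part of the original thread: a check for the "people depending on the hash stability" concern in point 2. It launches fresh interpreters under different hash seeds and compares string hashes and set iteration order. It assumes a current CPython 3, where randomization is on by default and the environment variable is `PYTHONHASHSEED` (the message only says "an envar"); the names `probe` and `stable_under` and the sample keys are made up for illustration.

```python
import os
import subprocess
import sys

# Constructed sample keys; any short strings would do.
SAMPLE_KEYS = ["alpha", "beta", "gamma", "delta", "epsilon"]

# Code run in each child interpreter: print one str hash and the
# iteration order of a set built from the keys.
CHILD = (
    "import sys; keys = sys.argv[1:]; "
    "print(hash(keys[0])); print(','.join(set(keys)))"
)


def probe(seed):
    """Run a fresh interpreter with PYTHONHASHSEED=seed.

    Returns (hash of first key, set iteration order as a string).
    seed may be an integer (0 disables randomization) or "random".
    """
    env = dict(os.environ, PYTHONHASHSEED=str(seed))
    out = subprocess.run(
        [sys.executable, "-c", CHILD, *SAMPLE_KEYS],
        env=env, capture_output=True, text=True, check=True,
    ).stdout.split()
    return int(out[0]), out[1]


def stable_under(seed, runs=3):
    """True if every run under this seed sees identical hashes and order."""
    return len({probe(seed) for _ in range(runs)}) == 1


if __name__ == "__main__":
    for seed in (0, 1, 2, "random"):
        h, order = probe(seed)
        print(f"PYTHONHASHSEED={seed!s:<6} hash={h:>21} order={order} "
              f"stable={stable_under(seed)}")
```

Code that stores `hash()` values of strings or relies on set iteration order gives different results from one line of this output to the next, which is the breakage the off-by-default choice avoids in stable releases.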
