Defensive programming

[Paul Rubin]

Lulu of the Lotus-Eaters <mertz at gnosis.cx> writes:
> Well... for Python, I'd rather have a hash with excellent typical case
> performance than a typically slower one with more collision resistance.

I haven't seen any evidence that adding some countermeasure to the
attack would make any significant slowdown.  Until there's some
evidence I'm not willing to go along with assumptions that there will
be a slowdown.

> If my normal, non-DoS programs run a bit faster, that's something I
> experience every day... 

If you want your programs to run as fast as they can, then you're
using the wrong language.  And there are lots of other ways to speed
up Python.  For example, fixing the hash function is meeting
resistance because the interpreter does so many hash lookups.  But the
interpreter really doesn't need to do so many lookups, and the amount
of lookups is part of why Python programs are so slow.  Better to fix
the interpreter than to worry about shaving another nanosecond out of
a hash lookup.