[issue14621] Hash function is not randomized properly
Bob Ziuchkovski
report at bugs.python.org
Sun Dec 2 21:47:31 CET 2012
Bob Ziuchkovski added the comment:
Why not redefine -R to mean "use secure hashing algorithms for built-in types"?
When specified, use hashing algorithms that are secure against denial-of-service and other known attacks, at the possible expense of performance. When not specified, use whatever hashing algorithms provide the most sensible defaults for every-day use (basically hash the way python currently hashes).
Secure hashing would apply not just to strings but to numeric and other types as well. This would break the invariant of `x == y implies hash(x) == hash(y)` for numeric types that Mark mentioned. However, that seems like an implementation detail that python users shouldn't rely upon.
----------
nosy: +Bob.Ziuchkovski
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue14621>
_______________________________________
More information about the Python-bugs-list
mailing list