[Python-Dev] Hash collision security issue (now public)
Victor Stinner
victor.stinner at haypocalc.com
Sat Dec 31 03:31:03 CET 2011
Le 29/12/2011 14:19, Christian Heimes a écrit :
> Perhaps the dict code is a better place for randomization.
The problem is the creation of a dict with keys all having the same hash
value. The current implementation of dict uses a linked-list. Adding a
new item requires to compare the new key to all existing keys (compare
the value, not the hash, which is much slower).
We had to change completly how dict is implemented to be able to fix
this issue. I don't think that we can change the dict implementation
without breaking backward compatibility or breaking applications. Change
the implementation would change dict properties, and applications rely
on the properties of the current implementation.
Tell me if I am wrong.
Victor
More information about the Python-Dev
mailing list