[Python-Dev] Status of the fix for the hash collision vulnerability
Mark Dickinson
dickinsm at gmail.com
Fri Jan 13 18:08:26 CET 2012
On Fri, Jan 13, 2012 at 2:57 AM, Guido van Rossum <guido at python.org> wrote:
> How
> pathological the data needs to be before the collision counter triggers? I'd
> expect *very* pathological.
How pathological do you consider the set
{1 << n for n in range(2000)}
to be? What about the set:
ieee754_powers_of_two = {2.0**n for n in range(-1074, 1024)}
? The > 2000 elements of the latter set have only 61 distinct hash
values on 64-bit machine, so there will be over 2000 total collisions
involved in creating this set (though admittedly only around 30
collisions per hash value).
--
Mark
More information about the Python-Dev
mailing list