[Python-Dev] [issue13703] Hash collision security issue
Glenn Linderman
v+python at g.nevcal.com
Fri Jan 27 07:47:57 CET 2012
On 1/26/2012 10:25 PM, Gregory P. Smith wrote:
> (and on top of all of this I believe we're all settled on having per
> interpreter hash randomization_as well_ in 3.3; but this AVL tree
> approach is one nice option for a backport to fix the major
> vulnerability)
If the tree code cures the problem, then randomization just makes
debugging harder. I think if it is included in 3.3, it needs to have a
switch to turn it on/off (whichever is not default).
I'm curious why AVL tree rather than RB tree, simpler implementation?
C++ stdlib includes RB tree, though, for even simpler implementation :)
Can we have a tree type in 3.3, independent of dict?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20120126/62d7a7e2/attachment.html>
More information about the Python-Dev
mailing list