[Python-Dev] Make str/bytes hash algorithm pluggable?
Christian Heimes
christian at python.org
Thu Oct 3 21:55:20 CEST 2013
Am 03.10.2013 21:45, schrieb Guido van Rossum:
> But fixing that shouldn't need all the extra stuff you're
> proposing.
I have proposed some of the extra stuff for more flexibility, the rest
is for testing and debugging.
> What's a Python randomization key?
Python's hash randomization key, the seed to randomize the output of
hash() for bytes and str.
> SipHash: more secure and about same speed on most systems
>
> Same speed as what?
Same speed as the current algorithm in Python 3.3 and earlier.
> optimized FNV: faster but with a known issue
>
> What issue?
Quote from https://131002.net/siphash/#at
---
Jointly with Martin Boßlet, we demonstrated weaknesses in MurmurHash
(used in Ruby, Java, etc.), CityHash (used in Google), and in Python's
hash. Some of the technologies affected have switched to SipHash. See
this oCERT advisory, and the following resources:
[...]
- Python script https://131002.net/siphash/poc.py to recover
the secret seed of the hash randomization in Python 2.7.3 and
3.2.3
---
It's all documented in my PEP draft, too.
Christian
More information about the Python-Dev
mailing list