On 12/30/2011 8:04 PM, Jim Jewett wrote:

> I'll state it more strongly. hash probably should not change (at
> least for this),

I agree, especially since the vulnerability can be avoided by using 64 bit servers and will generally abate as more switch anyway.

> but we may
> want to consider a different conflict resolution strategy when the
> first slot is already filled.
>
> Remember that there was a fair amount of thought and timing effort put
> into selecting the
> current strategy; it is deliberately sub-optimal for random input, in
> order to do better with
> typical input.
> <http://hg.python.org/cpython/file/7010fa9bd190/Objects/dictnotes.txt>

It would be good to have a set of attack strings to see how vulnerable Py dicts actually are (Python may not have been actually tested with data) and the effect of any change. I gave the project email of the 2 presenters in my first post. They apparently want to work with language developers to improve defenses against attack.

--
Terry Jan Reedy