Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from https://mail.python.org/pipermail/python-dev/2012-January/115334.html below:

[Python-Dev] Hash collision security issue (now public)

• Previous message: [Python-Dev] Hash collision security issue (now public)
• Next message: [Python-Dev] Hash collision security issue (now public)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Jan 6, 2012 at 10:07 AM, Steven D'Aprano <steve at pearwood.info> wrote:
> Surely the way to verify the behaviour is to run this from the shell:
>
> python -c print(hash("abcde"))
>
> twice, and see that the calls return different values. (Or have I
> misunderstood the way the fix is going to work?)
>
> In any case, I wouldn't want to rely on the presence of a flag in the sys
> module to verify the behaviour, I'd want to see for myself that hash
> collisions are no longer predictable.

More directly, you can just check that the hash of the empty string is non-zero.

So -1 for a flag in the sys module - "hash('') != 0" should serve as a
sufficient check whether or not process-level string hash
randomisation is in effect.

Cheers,
Nick.

-- 
Nick Coghlan   |   ncoghlan at gmail.com   |   Brisbane, Australia

• Previous message: [Python-Dev] Hash collision security issue (now public)
• Next message: [Python-Dev] Hash collision security issue (now public)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4