btw, Tim's commit message on this one is amusingly relevant. :)

http://hg.python.org/cpython/diff/8d2bbbbf2cb9/Objects/dictobject.c

On Fri, Jan 13, 2012 at 6:25 PM, Gregory P. Smith <greg at krypto.org> wrote:

>
>> Clearly these ideas are more complex than adding randomization, but
>> adding randomization doesn't seem to produce immunity from attack, when
>> data about the randomness is leaked.
>>
>
> Which will not normally happen.
>
> I'm firmly in the camp that believes the random seed can be probed and
> determined by creatively injecting values and measuring timing of things.
> But doing that is difficult and time and bandwidth intensive so the per
> process random hash seed is good enough.
>
> There's another elephant in the room here, if you want to avoid this
> attack use a 64-bit Python build as it uses 64-bit hash values that are
> significantly more difficult to force a collision on.
>
> -gps
>
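A deployment check for the two mitigations named in the message above (a per-process random hash seed and a 64-bit hash width), as an added example that is not part of the original thread. It assumes a CPython release that has the `PYTHONHASHSEED` environment variable and `sys.flags.hash_randomization`, neither of which is mentioned in the message; the probed key is a constructed sample.

```python
import os
import subprocess
import sys

# One-liner run in a fresh interpreter: str hash of a constructed key,
# hash width in bits, and the hash-randomization flag.
PROBE = (
    "import sys; "
    "print(hash('constructed-key'), sys.hash_info.width, "
    "sys.flags.hash_randomization)"
)


def probe(seed=None):
    """Start a new interpreter and return (hash, width_bits, randomization_flag).

    seed=None leaves PYTHONHASHSEED unset (interpreter default);
    any other value is passed through as PYTHONHASHSEED.
    """
    env = dict(os.environ)
    env.pop("PYTHONHASHSEED", None)  # do not inherit the caller's setting
    if seed is not None:
        env["PYTHONHASHSEED"] = str(seed)
    out = subprocess.run(
        [sys.executable, "-c", PROBE],
        env=env, capture_output=True, text=True, check=True,
    ).stdout.split()
    return int(out[0]), int(out[1]), int(out[2])


def audit(runs=4):
    """Summarise the hash hardening of the interpreter running this script."""
    default = [probe() for _ in range(runs)]
    fixed = [probe(seed=0) for _ in range(2)]
    return {
        # 64 on a 64-bit build, 32 on a 32-bit build
        "hash_width_bits": default[0][1],
        # flag is on and separate processes really see different hashes
        "randomized_by_default": default[0][2] == 1
        and len({h for h, _, _ in default}) > 1,
        # PYTHONHASHSEED=0 switches randomization off: hashes repeat exactly
        "seed_0_is_deterministic": fixed[0][0] == fixed[1][0]
        and fixed[0][2] == 0,
    }


if __name__ == "__main__":
    for name, value in audit().items():
        print(f"{name}: {value}")
```

A service that reports `randomized_by_default: False`, or that is launched with `PYTHONHASHSEED=0` in its environment, has a predictable string hash across restarts.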