On Fri, Jan 20, 2012 at 03:48, Guido van Rossum <guido at python.org> wrote: > I think that's because your collision-counting algorithm was much more > primitive than MAL's. Conceded. >> This, >> combined with the second problem (needing to catch an exception), led >> me to abandon this approach and write Securetypes, which has a >> securedict that uses SHA-1. Not that I like this either; I think I'm >> happy with the randomize-hash() approach. > > > Why did you need to catch the exception? Were you not happy with the program > simply terminating with a traceback when it got attacked? No, I wasn't happy with termination. I wanted to treat it just like a JSON decoding error, and send the appropriate response. I actually forgot to mention the main reason I abandoned the stop-at-N-collisions approach. I had a server with a dict that stayed in memory, across many requests. It was being populated with identifiers chosen by clients. I couldn't have my server stay broken if this dict filled up with a bunch of colliding keys. (I don't think I could have done another thing either, like nuke the dict or evict some keys.) Ivan
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4