On 10/04/2013 11:15 AM, Victor Stinner wrote:
> 2013/10/4 Armin Rigo <arigo at tunes.org>:
>> The current hash randomization is
>> simply not preventing anything; someone posted long ago a way to
>> recover bit-by-bit the hash randomized used by a remote web program in
>> Python running on a server.
> Oh interesting, is it public?

http://events.ccc.de/congress/2012/Fahrplan/events/5152.en.html

Quoting the synopsis:

    We also describe a vulnerability of Python's new randomized hash,
    allowing an attacker to easily recover the 128-bit secret seed.

I found all that while reading this interesting, yet moribund, bug report:

http://bugs.python.org/issue14621

I guess there was enough bike shedding that people ran out of steam, or
something. It happens.

//arry/