On Feb 25, 2014, at 8:17 AM, Antoine Pitrou <solipsis at pitrou.net> wrote:

> On Tue, 25 Feb 2014 08:08:09 -0500
> Donald Stufft <donald at stufft.io> wrote:
>>
>> Hash randomization is broken and doesn’t fix anything.
>
> Not sure what you mean with "doesn't fix anything". Hash collisions were
> easy to exploit pre-hash randomization, they don't seem as easy to
> exploit with it.

Instead of pre-generating one set of values that can be used to DoS things you have to pre-generate 256 sets of values and try them until you get the right one. It’s like putting on armor made of paper and saying it’s harder to stab you now.

-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.python.org/pipermail/python-dev/attachments/20140225/e5a6934f/attachment-0001.sig>