On 06/06/2012 11:11 AM, Dag Sverre Seljebotn wrote:
Stefan Behnel<stefan...@behnel.de> wrote:
mark florisson, 05.06.2012 22:33:
It doesn't even necessarily have to be about running user code, a
user
could craft data input which causes such a situation. For instance,
let's say we have a just-in-time specializer which specializes a
function for the runtime input types, and the types depend on the
user
input. For instance, if we write a web application we can post arrays
to described by a custom dtype, which draws pictures in some weird
way
for us. We can get it to specialize pretty much any array type, so
that gives us a good opportunity to find collisions.
Yes, and the bad thing is that a very high probability of having no
collisions even in combination with the need for a huge amount of brute
force work to find one is not enough. An attacker (or otherwise
interested
user) may just be lucky, and given how low in the application stack
this
will be used, such a bit of luck may have massive consequences.
Following that line of argument, I guess you keep your money in a mattress
then? Our modern world is built around the assumption that people don't get
*that* lucky.
(I agree though that 64 bits is not enough for the security usecase! I'm just
saying that 160 or 256 bits would be.)
(And just to be clear, my current stance is in favour of using interning
for the ID comparison, in the other head of this thread. I just couldn't
resist Stefan's bait.)
Dag
_______________________________________________
cython-devel mailing list
cython-devel@python.org
http://mail.python.org/mailman/listinfo/cython-devel
