STINNER Victor <victor.stin...@haypocalc.com> added the comment: Paul first proposition (on python-dev) was to replace:
... x = (ord(s[0]) << 7) while i < length: x = intmask((1000003*x) ^ ord(s[i])) ... by: ... x = (ord(s[0]) << 7) while i < length: x = intmask((1000003*x) ^ ord(s[i])) ^ r[x % len_r] ... This change has a vulnerability similar than the one of Christian's suggested changed. The "r" array can be retreived directly with: r2 = [] for i in xrange(len(r)): s = chr(intmask(i * UNSHIFT7) % len(r)) h = intmask(hash(s) ^ len(s) ^ ord(s) ^ ((ord(s) << 7) * MOD)) r2.append(chr(h)) r2 = ''.join(r2) where UNSHIFT7 = 1/2**7 mod 2^(long bits). By the way, this change always use r[0] to hash all string of one ASCII character (U+0000-U+007F). ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue13703> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com