Christian Heimes <li...@cheimes.de> added the comment:

Thanks Victor!

> - hash(str) is now randomized using two random Py_hash_t values: 
> don't touch the critical loop, only add a prefix and a suffix

At least for Python 2.x, hash(str) and hash(unicode) have to yield the same
result for ASCII-only strings.

>  - PyOS_URandom() raises exceptions whereas it is called before
> creating the interpreter state. I suppose that it cannot work like this.

My patch compensates for the issue and calls Py_FatalError() when the random 
seed hasn't been initialized yet.

You aren't special casing small strings. I fear that an attacker may guess the 
seed from several small strings. How about using another initial seed for 
strings shorter than 4 code points?

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue13703>
_______________________________________
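
Added illustration, not part of the original message or of either patch: a Python model of the prefix/suffix scheme quoted above. It checks that byte strings and text with the same ASCII content hash identically, and shows that in this model the suffix cancels out of the XOR of any two hashes. The 64-bit width, the multiplier 1000003 (from CPython's classic string hash) and all function names are assumptions of this sketch.

```python
# Model only: assumes a 64-bit Py_hash_t and the classic multiply-xor loop.
MASK = (1 << 64) - 1
MULT = 1000003


def randomized_hash(code_points, prefix, suffix):
    """Inner loop left untouched; the seed enters only as prefix and suffix."""
    cps = list(code_points)
    if not cps:
        return 0                      # empty input is not seeded in this model
    x = prefix & MASK
    x ^= (cps[0] << 7) & MASK
    for c in cps:
        x = ((MULT * x) & MASK) ^ c
    x ^= len(cps)
    x ^= suffix & MASK
    return x


def hash_bytes(data, prefix, suffix):
    """Hash a byte string (Python 2 'str'); iterating bytes yields ints."""
    return randomized_hash(data, prefix, suffix)


def hash_text(text, prefix, suffix):
    """Hash a text string (Python 2 'unicode') by code point."""
    return randomized_hash(map(ord, text), prefix, suffix)


def suffix_cancels(a, b, prefix, suffix_1, suffix_2):
    """True if hash(a) ^ hash(b) is identical under two different suffixes."""
    d1 = hash_text(a, prefix, suffix_1) ^ hash_text(b, prefix, suffix_1)
    d2 = hash_text(a, prefix, suffix_2) ^ hash_text(b, prefix, suffix_2)
    return d1 == d2


if __name__ == "__main__":
    p, s = 0x1234, 0x5678             # constructed sample seed values
    print(hash_bytes(b"key", p, s) == hash_text("key", p, s))
    print(suffix_cancels("a", "bc", p, s, 0x9999))
```

Because the suffix is XORed in last, it protects nothing about the relationship between two outputs; in this model only the prefix is mixed through the multiplication.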