Christian Heimes added the comment:

Our hash randomization will always leak some information about the 
randomization keys. The only way to properly secure our secrets is a 
cryptographic secure algorithms, for example a crypto hashing function in 
combination with a message authentication code like HMAC. I don't have to 
explain how that is going to hurt performance ...

We can try to make it harder to guess the secret parts with a slightly modified 
algorithm like e.g. V8's hash but that's never going to be 100% secure. But 
might be secure enough to make an attack too hard.


Python tracker <>
Python-bugs-list mailing list

Reply via email to