Giovanni Bajo added the comment: Il giorno 02/gen/2013, alle ore 00:20, Domen Kožar <rep...@bugs.python.org> ha scritto:
> > Domen Kožar added the comment: > > According to talk at 29c3: > http://events.ccc.de/congress/2012/Fahrplan/events/5152.en.html > > Quote: We also describe a vulnerability of Python's new randomized hash, > allowing an attacker to easily recover the 128-bit secret seed. As a reliable > fix to hash-flooding, we introduce SipHash, a family of cryptographically > strong keyed hash function competitive in performance with the weak hashes, > and already adopted in OpenDNS, Perl 5, Ruby, and in the Rust language. That is exactly the vulnerability that was previously mentioned in the context of this bug. SipHash is currently the only solution for a collision-resistant fast-enough hash. -- Giovanni Bajo ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue14621> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
