On 2018-05-16 18:10, Raymond Hettinger wrote: > > >> On May 16, 2018, at 5:48 PM, Anthony Flury via Python-Dev >> <python-dev@python.org> wrote: >> >> However the frozen set hash, the same in both cases, as is the hash of the >> tuples - suggesting that the vulnerability resolved in Python 3.3 wasn't >> resolved across all potentially hashable values. > > You are correct. The hash randomization only applies to strings. None of > the other object hashes were altered. Whether this is a vulnerability or not > depends greatly on what is exposed to users (generally strings) and how it is > used. > > For the most part, it is considered a feature that integers hash to > themselves. That is very fast to compute :-) Also, it tends to prevent hash > collisions for consecutive integers.
Raymond is 100% correct. Just one small nit pick: randomization applies to both string and bytes. Christian _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
