On 12/30/2011 8:04 PM, Jim Jewett wrote:
> I'll state it more strongly. hash probably should not change (at least for this),

I agree, especially since the vulnerability can be avoided by using 64 bit servers and will generally abate as more switch anyway.

> but we may want to consider a different conflict resolution strategy when the first slot is already filled. Remember that there was a fair amount of thought and timing effort put into selecting the current strategy; it is deliberately sub-optimal for random input, in order to do better with typical input.
> <http://hg.python.org/cpython/file/7010fa9bd190/Objects/dictnotes.txt>

It would be good to have a set of attack strings to see how vulnerable Py dicts actually are (Python may not have been actually tested with data) and the effect of any change. I gave the project email of the 2 presenters in my first post. They apparently want to work with language developers to improve defenses against attack.

-- Terry Jan Reedy
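
As an added illustration of the conflict-resolution point quoted in this message (not part of the original e-mail and not CPython's own code), the sketch below models the perturb-based probing recurrence from `dictobject.c` and counts slots examined for three constructed sets of hash values. It assumes a fixed-size table with no resizing, non-negative hashes, and does not model key comparison; `probe_sequence`, `total_probes` and `compare_cases` are hypothetical names.

```python
PERTURB_SHIFT = 5  # same constant name as in CPython's dictobject.c


def probe_sequence(h, mask):
    """Yield slot indexes in the order the modelled scheme visits them."""
    perturb = h
    i = h & mask
    while True:
        yield i
        # Recurrence: i = 5*i + perturb + 1, then shift perturb down.
        i = (5 * i + perturb + 1) & mask
        perturb >>= PERTURB_SHIFT


def total_probes(hashes, table_bits=12):
    """Insert distinct keys with the given hashes; return slots examined.

    Simplified model (assumption): fixed table, no resize, no deletions.
    """
    mask = (1 << table_bits) - 1
    occupied = set()
    probes = 0
    for h in hashes:
        for slot in probe_sequence(h, mask):
            probes += 1
            if slot not in occupied:
                occupied.add(slot)
                break
    return probes


def compare_cases(n=256, table_bits=12):
    """Constructed inputs: spread hashes, first-slot-only clashes, equal hashes."""
    return {
        # Every key lands in its own slot: one probe each.
        "spread": total_probes(range(n), table_bits),
        # Low bits equal (same first slot), high bits differ: perturb
        # pulls the high bits in and the probe paths diverge quickly.
        "same_first_slot": total_probes(
            [k << table_bits for k in range(n)], table_bits),
        # Full hash equal: every key walks the same path, so cost is
        # n*(n+1)/2 no matter how the later probes are chosen.
        "same_full_hash": total_probes([0] * n, table_bits),
    }


if __name__ == "__main__":
    for name, probes in compare_cases().items():
        print(f"{name:16s} {probes:6d} slots examined")
```

In this model, changing what happens after the first slot only helps keys whose full hashes differ; keys that share the entire hash value follow one probe path under any strategy derived from the hash alone.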