Victor Stinner wrote: > If hash(str1)&DICT_MASK == hash(str2)&DICT_MASK but > hash(str1)!=hash(str2), strings are not compared (this is a common > optimization in Python), and the so the attack would not be successful > (it would be slow, but not as slow as comparing two strings).
It's a shame the hash function can't take a second salt parameter to include in the hash. Each dict could have its own salt, generated from a quick pseudo-random generator. Jeremy _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
