> (I'm thinking that the original > attack is trivial once the set of 65000 colliding keys is public knowledge, > which must be only a matter of time.)
I have a program able to generate collisions: it takes 1 second to compute 60,000 colliding strings on a desktop computer. So the security of the randomized hash is based on the fact than the attacker cannot compute the secret. Victor _______________________________________________ Python-Dev mailing list [email protected] http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
