Am 20.01.2012 16:33, schrieb Guido van Rossum:
(I'm thinking that the original attack is trivial once the set of 65000 colliding keys is public knowledge, which must be only a matter of time.
I think it's very likely that this will happen soon. For ASP and PHP there is attack-payload publicly available. PHP and ASP have patches to limit the number of query-variables. We're very lucky that there's no public payload for python yet, and all non-public software and payload I'm aware of is based upon my software. But this can change any moment. It's not really difficult to write software to create 32bit-collisions. Frank _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
