Le Fri, 04 Oct 2013 17:13:32 +0200, mar...@v.loewis.de a écrit : > > Whether this is a serious threat or not depends on what other threats > the system being attacked is vulnerable to. Maybe there is something > even simpler, or maybe the hash attack is the only hope of bringing > the system to its knees. > > IMO, the hash attack is particularly tricky since it is very easy to > argue and very difficult to demonstrate.
If you know how to generate colliding hashes, it's actually relatively easy to demonstrate, assuming you know how a particular Web application processes its incoming requests (which you do if it's a standard Web application such as hgweb). Regards Antoine. _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
