2013/10/5 Larry Hastings <la...@hastings.org>:
> On 10/04/2013 11:15 AM, Victor Stinner wrote:
>> 2013/10/4 Armin Rigo <ar...@tunes.org>:
>>> The current hash randomization is
>>> simply not preventing anything; someone posted long ago a way to
>>> recover bit-by-bit the hash randomized used by a remote web program in
>>> Python running on a server.
>>
>> Oh interesting, is it public?
>
> http://events.ccc.de/congress/2012/Fahrplan/events/5152.en.html
>
> Quoting the synopsis:
>
>> We also describe a vulnerability of Python's new randomized hash, allowing
>> an attacker to easily recover the 128-bit secret seed.

The SipHash homepage contains a "proof of concept" to compute the secret:
https://131002.net/siphash/poc.py

The script, however, is not an exploit on a web server but a script running
locally. It requires, for example, knowing the hash of the strings "\0" and
"\0\0". I would like to know if it's possible to retrieve such
information in practice.

And how do you retrieve the whole hash value from an HTTP page? You
may retrieve some bits using specific HTTP requests, but not directly
the whole hash value. I don't know of any web page that directly displays
the hash value of a string coming from the user request!?

I'm not saying that the hash DoS does not exist, I'm just trying to
estimate the risk (compared to other DoS attacks). Changing the
default hash function is also risky and has a (well, minor) impact on
performance.

Victor
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev