On Feb 25, 2014, at 8:17 AM, Antoine Pitrou <solip...@pitrou.net> wrote:
> On Tue, 25 Feb 2014 08:08:09 -0500
> Donald Stufft <don...@stufft.io> wrote:
>>
>> Hash randomization is broken and doesn’t fix anything.
>
> Not sure what you mean with "doesn't fix anything". Hash collisions were
> easy to exploit pre-hash randomization, they don't seem as easy to
> exploit with it.

Instead of pre-generating one set of values that can be used to DoS things you have to pre-generate 256 sets of values and try them until you get the right one. It’s like putting on armor made of paper and saying it’s harder to stab you now.

-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA