[issue13704] Random number generator in Python core

2012-01-03 Thread Raymond Hettinger
Raymond Hettinger added the comment: Why is this listed as a release blocker? It is questionable whether it should be done at all? It is a very aggressive change. -- ___ Python tracker _

[issue13696] [urllib.request.HTTPRedirectHandler.http_error_302] Relative Redirect issue

2012-01-03 Thread Senthil Kumaran
Changes by Senthil Kumaran : -- resolution: -> fixed stage: test needed -> committed/rejected status: open -> closed

[issue13696] [urllib.request.HTTPRedirectHandler.http_error_302] Relative Redirect issue

2012-01-03 Thread Roundup Robot
Roundup Robot added the comment: New changeset 86141d28b20d by Senthil Kumaran in branch '3.2': Issue13696 - Fix 302 Redirection for Relative urls. http://hg.python.org/cpython/rev/86141d28b20d -- nosy: +python-dev

[issue13702] relative symlinks in tarfile.extract broken (windows)

2012-01-03 Thread Lars Gustäbel
Changes by Lars Gustäbel : -- assignee: -> lars.gustaebel nosy: +lars.gustaebel versions: +Python 3.3

[issue13703] Hash collision security issue

2012-01-03 Thread Paul McMillan
Paul McMillan added the comment: A couple of things here: First, my proposed change is not cryptographically secure. There simply aren't any cryptographic hashing algorithms available that are in the performance class we need. My proposal does make the collision attack quite difficult to car

[issue13696] [urllib.request.HTTPRedirectHandler.http_error_302] Relative Redirect issue

2012-01-03 Thread Senthil Kumaran
Senthil Kumaran added the comment: Here is the patch against 3.2. Something is wrong with the mercurial at the moment where 3.2 is shown as inactive. Once that is corrected, I shall commit and push this to 3.2 and cpython codelines. This bug is not present in 2.7 as different logic is followe

[issue13710] hash() on strings containing only null characters returns the length of the strings

2012-01-03 Thread Jesús Cea Avión
Jesús Cea Avión added the comment: Object hashes are not crypto hashes. Use hashlib module for crypto. -- nosy: +jcea

[issue13703] Hash collision security issue

2012-01-03 Thread STINNER Victor
STINNER Victor added the comment: Yet another random hash function, simplified version of Paul's function. It always uses exactly 256 bits of entropy and so 32 bytes of memory, and doesn't keep the loop. I don't expect my function to be secure, but just give more work to the attacker to comput

[issue13704] Random number generator in Python core

2012-01-03 Thread Jesús Cea Avión
Changes by Jesús Cea Avión : -- nosy: +jcea ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.

[issue13707] Clarify hash() constancy period

2012-01-03 Thread Jesús Cea Avión
Changes by Jesús Cea Avión : -- nosy: +jcea

[issue13710] hash() on strings containing only null characters returns the length of the strings

2012-01-03 Thread Benjamin Peterson
Benjamin Peterson added the comment: No. Python's dictionary implementation is designed to handle hash functions with the properties of Python's. -- nosy: +benjamin.peterson resolution: -> rejected status: open -> closed

[issue13710] hash() on string containing only null characters returns the length of the string

2012-01-03 Thread Ramchandra Apte
New submission from Ramchandra Apte : If you run hash on strings containing only null characters it returns the length of the string >>> hash("\0") 1 >>> hash("\0\0") 2 >>> hash("\0"*1000) 1000 This behaviour is not like proper hash functions. The hashes of these strings should exhibit the avala

[issue13710] hash() on strings containing only null characters returns the length of the strings

2012-01-03 Thread Ramchandra Apte
Changes by Ramchandra Apte : -- title: hash() on string containing only null characters returns the length of the strings -> hash() on strings containing only null characters returns the length of the strings

[issue13710] hash() on string containing only null characters returns the length of the strings

2012-01-03 Thread Ramchandra Apte
Changes by Ramchandra Apte : -- title: hash() on string containing only null characters returns the length of the string -> hash() on string containing only null characters returns the length of the strings

[issue13703] Hash collision security issue

2012-01-03 Thread Jesús Cea Avión
Changes by Jesús Cea Avión : -- nosy: +jcea

[issue13128] httplib debuglevel on CONNECT doesn't print response headers

2012-01-03 Thread Ned Deily
Changes by Ned Deily : -- stage: -> patch review

[issue13707] Clarify hash() constancy period

2012-01-03 Thread Raymond Hettinger
Raymond Hettinger added the comment: -1 I concur with Martin. -- nosy: +rhettinger

[issue4188] test_threading hang when running as verbose

2012-01-03 Thread Jesús Cea Avión
Changes by Jesús Cea Avión : -- nosy: +jcea

[issue13550] Rewrite logging hack of the threading module

2012-01-03 Thread Jesús Cea Avión
Changes by Jesús Cea Avión : -- nosy: +jcea

[issue13702] relative symlinks in tarfile.extract broken (windows)

2012-01-03 Thread Brian Curtin
Changes by Brian Curtin : -- nosy: +brian.curtin stage: -> test needed

[issue13707] Clarify hash() constancy period

2012-01-03 Thread Terry J. Reedy
Terry J. Reedy added the comment: Given that the doc says that use of hash() is to compare dict keys, it does not seem wrong to me to suggest that hash() should be usable to do so. I believe id() and consequently hash() are unique among builtins in being run-dependent. That is currently docum

[issue13556] When tzinfo.utcoffset is out-of-bounds, the exception message is misleading

2012-01-03 Thread Alexander Belopolsky
Alexander Belopolsky added the comment: Is 3.3 message better? >>> datetime.now(tz=X()) Traceback (most recent call last): File "", line 1, in ValueError: offset must be a timedelta strictly between -timedelta(hours=24) and timedelta(hours=24). In 2.7, the message is indeed misleading: >>

[issue13709] Capitalization mistakes in the documentation for ctypes

2012-01-03 Thread Eli Bendersky
Eli Bendersky added the comment: And while we're at it, I would consider revising both sentences in a more fundamental way, since they're too chatty for the official docs. -- nosy: +eli.bendersky

[issue13697] python RLock implementation unsafe with signals

2012-01-03 Thread Alex Gaynor
Changes by Alex Gaynor : -- nosy: +alex

[issue13556] When tzinfo.utcoffset is out-of-bounds, the exception message is misleading

2012-01-03 Thread Ned Deily
Changes by Ned Deily : -- nosy: +belopolsky, lemburg

[issue8713] multiprocessing needs option to eschew fork() under Linux

2012-01-03 Thread Ned Deily
Ned Deily added the comment: See also consolidated Issue13558 for additional justification for processes option on OS X. -- nosy: +mrmekon, ned.deily

[issue13699] test_gdb has recently started failing

2012-01-03 Thread STINNER Victor
STINNER Victor added the comment: "test_gdb has started failing recently on my Ubuntu Natty system: ... >>> sysconfig.get_config_vars()['PY_CFLAGS'] '-Wno-unused-result -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes' ... Marking haypo as nosy since it might be related to recent changes for #1

[issue13558] multiprocessing package incompatible with PyObjC

2012-01-03 Thread Ned Deily
Ned Deily added the comment: Issue8713 proposes adding the option of using processes for multiprocessing rather than bare forks. Let's consolidate this issue with that one. -- resolution: -> duplicate stage: -> committed/rejected status: open -> closed superseder: -> multiprocessin

[issue13697] python RLock implementation unsafe with signals

2012-01-03 Thread Robert Collins
Robert Collins added the comment: Normally I advocate very strongly for Python implementation of C accelerated modules, but when the two implementations are not equivalent, having a simpler Python one around does not help anyone (not users, other language implementors etc). True reentrancy is

[issue13697] python RLock implementation unsafe with signals

2012-01-03 Thread STINNER Victor
STINNER Victor added the comment: > This affects the python implementation of RLock only. In the issue #13550, it was discussed to remove completely the logging machinery from the threading module. If we remove it, we don't need the Python implementation of RLock. We already removed the Pytho

[issue13703] Hash collision security issue

2012-01-03 Thread STINNER Victor
STINNER Victor added the comment: I read that the attack cannot be computed with actual computers (it's too expensive) against Python 64 bits. I tried to change str.__hash__ in Python 32 bits to compute the hash in 64 bits and then truncate the hash to 32 bits: it doesn't change anything, the

[issue13697] python RLock implementation unsafe with signals

2012-01-03 Thread Charles-François Natali
Charles-François Natali added the comment: > That sounds like a good solution in the middle-term. Are there any > drawbacks? (apart from launching a thread) Just to be clear: the approach I was suggesting is to have a resident thread dedicated to signal management, not to spawn a new one when n

[issue9201] IDLE: raises Exception TclError in a special case

2012-01-03 Thread Ned Deily
Ned Deily added the comment: The problem was originally reported in Issue4676 and fixed partly there and partly in Issue3851. -- nosy: +ned.deily resolution: -> duplicate stage: -> committed/rejected status: open -> closed superseder: -> python3 closes + home keys _

[issue13709] Capitalization mistakes in the documentation for ctypes

2012-01-03 Thread Ramchandra Apte
New submission from Ramchandra Apte : In section 15.17.1.17 in the ctypes documentation, the documentation says "It is funny to see that on linux the sort function seems to work much more efficiently, it is doing less comparisons" "It is quite interesting to see that the Windows qsort() functio

[issue13707] Clarify hash() constancy period

2012-01-03 Thread Antoine Pitrou
Antoine Pitrou added the comment: You can define a __hash__ that changes if the object changes. It is not recommended, but it's possible. So I agree with Martin that your proposed clarification is wrong. (I also think that it wouldn't bring anything, either) Suggest closing as invalid/rajecte

[issue13707] Clarify hash() constancy period

2012-01-03 Thread Terry J. Reedy
Terry J. Reedy added the comment: Martin, I do not understand. The default hash is based on id (as is default equality comparison), not value. Are you OK with hash values changing if the 'value' changes? My understanding is that changing hash values for objects in sets and dicts is bad, which

[issue13708] Document ctypes.wintypes

2012-01-03 Thread Ramchandra Apte
Changes by Ramchandra Apte : -- assignee: -> docs@python components: +Documentation nosy: +docs@python

[issue13708] Document ctypes.wintypes

2012-01-03 Thread Ramchandra Apte
New submission from Ramchandra Apte : Document ctypes.wintypes.

[issue13708] Document ctypes.wintypes

2012-01-03 Thread Ramchandra Apte
Changes by Ramchandra Apte : -- nosy: ramchandra.apte priority: normal severity: normal status: open title: Document ctypes.wintypes

[issue13704] Random number generator in Python core

2012-01-03 Thread Raymond Hettinger
Changes by Raymond Hettinger : -- assignee: christian.heimes -> rhettinger nosy: +rhettinger

[issue13703] Hash collision security issue

2012-01-03 Thread Zhiping Deng
Changes by Zhiping Deng : -- nosy: +Zhiping.Deng

[issue13703] Hash collision security issue

2012-01-03 Thread Antoine Pitrou
Antoine Pitrou added the comment: For the record, here is what "man urandom" says about random seed size: “[...] no cryptographic primitive available today can hope to promise more than 256 bits of security, so if any program reads more than 256 bits (32 bytes) from the kernel random p

[issue13703] Hash collision security issue

2012-01-03 Thread Antoine Pitrou
Antoine Pitrou added the comment: > > r = array.array('l', os.urandom(2**size_exponent)) > > len_r = len(r) > > r size should not depend on the size of a long. You should write something > like: > > sizeof_long = ctypes.sizeof(ctypes.c_long) > r_bits = 8 > r = array.array('l', os.urandom((2**

[issue13703] Hash collision security issue

2012-01-03 Thread STINNER Victor
STINNER Victor added the comment: > https://gist.github.com/0a91e52efa74f61858b5 Please, attach directly a file to the issue, or copy/paste the code in your comment. Interesting part the code: --- #Proposed replacement #-- import os, array size_exponent = 1

[issue8416] python 2.6.5 documentation can't search

2012-01-03 Thread Santiago Gala
Santiago Gala added the comment: Still http://docs.python.org/release/2.6.6/search.html?q=regular+expression works, while http://docs.python.org/release/2.6.5/search.html?q=regular+expression fails, and http://docs.python.org/release/2.6.5/searchindex.js gives a 404, while http://docs.python.or

[issue13636] Python SSL Stack doesn't have a Secure Default set of ciphers

2012-01-03 Thread Antoine Pitrou
Antoine Pitrou added the comment: I've committed a conservative version of the patch, plus a test. -- resolution: -> fixed stage: patch review -> committed/rejected status: open -> closed

[issue13703] Hash collision security issue

2012-01-03 Thread Antoine Pitrou
Antoine Pitrou added the comment: > I'm in private contact with Paul and we are working together. He has > done extended research and I'll gladly follow his expertise. I've > already discussed the issue with small strings, but I can't recall if > it was a private mail to Paul or a public one to

[issue13707] Clarify hash() lifetime

2012-01-03 Thread Martin v . Löwis
Martin v. Löwis added the comment: -1. The hash has nothing to do with the lifetime, but with the value of an object. -- nosy: +loewis

[issue13703] Hash collision security issue

2012-01-03 Thread STINNER Victor
STINNER Victor added the comment: Paul's first proposition (on python-dev) was to replace: ... x = (ord(s[0]) << 7) while i < length: x = intmask((103*x) ^ ord(s[i])) ... by: ... x = (ord(s[0]) << 7) while i < length: x = intmask((103*x) ^

[issue13707] Clarify hash() lifetime

2012-01-03 Thread Alex Gaynor
Changes by Alex Gaynor : -- nosy: +alex

[issue13703] Hash collision security issue

2012-01-03 Thread Terry J. Reedy
Terry J. Reedy added the comment: In #13707 I suggest a change to the current hash() entry which is needed independently of this issue, because the default hash (for object()), being tied to id() is already limited to an object's lifetime. But this change will become more imperative if hash()

[issue13704] Random number generator in Python core

2012-01-03 Thread Arfrever Frehtes Taifersar Arahesis
Changes by Arfrever Frehtes Taifersar Arahesis : -- nosy: -ezio.melotti, michael.foord

[issue13707] Clarify hash() lifetime

2012-01-03 Thread Terry J. Reedy
New submission from Terry J. Reedy : Current 3.2.2 docs: id(object) Return the “identity” of an object. This is an integer which is guaranteed to be unique and constant for this object during its lifetime. [model] hash(object) Return the hash value of the object (if it has one). Hash values

[issue13703] Hash collision security issue

2012-01-03 Thread Christian Heimes
Christian Heimes added the comment: Victor, please ignore my code related to hash randomization for now. I've deliberately not linked my branch to this bug report. I'm well aware that it's not secure and that it's pretty easy to reverse engineer the seed from a hash of a short string. The cod

[issue13704] Random number generator in Python core

2012-01-03 Thread Arfrever Frehtes Taifersar Arahesis
Changes by Arfrever Frehtes Taifersar Arahesis : -- nosy: +Arfrever, ezio.melotti, michael.foord

[issue13703] Hash collision security issue

2012-01-03 Thread Arfrever Frehtes Taifersar Arahesis
Changes by Arfrever Frehtes Taifersar Arahesis : -- nosy: +Arfrever

[issue13703] Hash collision security issue

2012-01-03 Thread STINNER Victor
STINNER Victor added the comment: Christian Heimes proposes the following change in its randomhash branch (see issue #13704): -x = (Py_uhash_t) *p << 7; +x = Py_RndHashSeed + ((Py_uhash_t) *p << 7); for (i = 0; i < len; i++) x = (103U * x) ^ (Py_uhash_t) *p++; x
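Review bot: On the changed first line, Py_RndHashSeed is folded in only once, into the starting value of x, while the loop `x = (103U * x) ^ (Py_uhash_t) *p++` is left exactly as it was, so the secret is separated from the output by only as many multiply/XOR steps as the string has characters. That is the situation behind the concern raised elsewhere in this thread, that the seed is easy to reverse engineer from the hash of a short string. Consider mixing secret material in again after the loop as well as before it, and add a comment next to the new line stating that Py_RndHashSeed must be initialized before the first string is hashed, since nothing in the visible lines enforces that ordering.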

[issue8416] python 2.6.5 documentation can't search

2012-01-03 Thread Ezio Melotti
Changes by Ezio Melotti : -- nosy: +ezio.melotti

[issue13703] Hash collision security issue

2012-01-03 Thread Paul McMillan
Paul McMillan added the comment: I agree that we should enable randomness by default, and provide an easy way for users to disable it if necessary (unit test suites that explicitly depend on order being an obvious candidate). I'll link my proposed algorithm change here, for the record: https:

[issue13706] non-ascii fill characters no longer work in formatting

2012-01-03 Thread Stefan Krah
Stefan Krah added the comment: Actually the issue is not restricted to numeric formatting. It's not possible to pad a Unicode string with a non-ascii whitespace: >>> format("abcd", "\u2007<7") Traceback (most recent call last): File "", line 1, in ValueError: fill character too large I'd

[issue8416] python 2.6.5 documentation can't search

2012-01-03 Thread Terry J. Reedy
Terry J. Reedy added the comment: Sorry, /George/Georg/

[issue8416] python 2.6.5 documentation can't search

2012-01-03 Thread Terry J. Reedy
Terry J. Reedy added the comment: Santiago, if you are still running 2.6.5 code, use the most recent 2.6 docs at http://docs.python.org/release/2.6.6/ This will have all the corrections made after the 2.6.5 release. Contrary to what you might think the header line says, there is no particular c

[issue13706] non-ascii fill characters no longer work in numeric formatting

2012-01-03 Thread Martin v . Löwis
Martin v. Löwis added the comment: Removing the if condition would be incorrect. The maximum char is computed at the beginning of the formatting. If, during formatting, need for a padding character is determined, the padding character must not be larger than the maximum char of the target str

[issue13706] non-ascii fill characters no longer work in numeric formatting

2012-01-03 Thread STINNER Victor
STINNER Victor added the comment: > I assume this is left over from the PEP 393 changes. Correct. > I'm not sure such a restriction needs to exist any more. The restriction was introduced to simplify the implementation. maxchar has to be computed exactly in format_string_internal(), format_i

[issue13706] non-ascii fill characters no longer work in numeric formatting

2012-01-03 Thread Eric V. Smith
Eric V. Smith added the comment: I assume this is left over from the PEP 393 changes. I think the right thing to do is delete this code from line 277 of formatter_unicode.c: if (format->fill_char > 127 || format->align > 127 || format->sign > 127) { PyErr_SetString(PyExc_Va

[issue13706] non-ascii fill characters no longer work in numeric formatting

2012-01-03 Thread Stefan Krah
Changes by Stefan Krah : -- title: Unicode fill characters no longer work in numeric formatting -> non-ascii fill characters no longer work in numeric formatting

[issue13706] Unicode fill characters no longer work in numeric formatting

2012-01-03 Thread Stefan Krah
Stefan Krah added the comment: Hum, somehow I always refuse to acknowledge that ASCII is a subset of Unicode. :)

[issue13706] Unicode fill characters no longer work in numeric formatting

2012-01-03 Thread Ezio Melotti
Changes by Ezio Melotti : -- nosy: +ezio.melotti

[issue13706] Unicode fill characters no longer work in numeric formatting

2012-01-03 Thread Benjamin Peterson
Benjamin Peterson added the comment: It's still possible; it's just apparently limited to ASCII characters. -- nosy: +benjamin.peterson

[issue13704] Random number generator in Python core

2012-01-03 Thread Christian Heimes
Christian Heimes added the comment: We already have a C implementation of MT in Modules/_randommodule.c. I just suggest that we move the implementation to a place, where we can use it as seed.

[issue13706] Unicode fill characters no longer work in numeric formatting

2012-01-03 Thread Stefan Krah
New submission from Stefan Krah : It used to be possible to specify Unicode fill characters in numeric formatting: Python 3.3.0a0 (default:1dd6908df8f5, Jul 16 2011, 11:16:00) [GCC 4.4.3] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> format(1234, "\u2007<7

[issue13705] Raising exceptions from finally works better than advertised in the documentation

2012-01-03 Thread Roundup Robot
Roundup Robot added the comment: New changeset c39fbb24b3f4 by Benjamin Peterson in branch '3.2': exception support is correct now (closes #13705) http://hg.python.org/cpython/rev/c39fbb24b3f4 -- nosy: +python-dev resolution: -> fixed stage: -> committed/rejected status: open -> close

[issue13705] Raising exceptions from finally works better than advertised in the documentation

2012-01-03 Thread Sinisa Segvic
Sinisa Segvic added the comment: Link to the documentation: http://docs.python.org/py3k/reference/compound_stmts.html#id2

[issue13703] Hash collision security issue

2012-01-03 Thread Alex Gaynor
Changes by Alex Gaynor : -- nosy: +alex

[issue13704] Random number generator in Python core

2012-01-03 Thread Alex Gaynor
Changes by Alex Gaynor : -- nosy: +alex

[issue13704] Random number generator in Python core

2012-01-03 Thread Martin v . Löwis
Martin v. Löwis added the comment: I disagree with that approach, basically because I disagree that we need a C implementation of MT. Platforms that don't provide /dev/urandom will just have to be less secure. Using the current time (in milliseconds if available) plus the current pid ought to

[issue13704] Random number generator in Python core

2012-01-03 Thread STINNER Victor
Changes by STINNER Victor : -- keywords: +patch Added file: http://bugs.python.org/file24135/3106cc0a2024.diff

[issue13705] Raising exceptions from finally works better than advertised in the documentation

2012-01-03 Thread Sinisa Segvic
New submission from Sinisa Segvic : Hi, The documentation says: """ If the finally clause raises another exception (...) the saved exception is lost. """ This does not appear to be true. In the example below the backtrace shows both exceptions. >>> import math >>> try: ... 1/0 ... finally

[issue13703] Hash collision security issue

2012-01-03 Thread Christian Heimes
Christian Heimes added the comment: Randomized hashing destabilizes the unit tests of Python, too. Here are the outputs of four test runs: 11 tests failed: test_collections test_dbm test_dis test_gdb test_inspect test_packaging test_set test_symtable test_ttk_textonly test_urllib t

[issue8416] python 2.6.5 documentation can't search

2012-01-03 Thread Sandro Tosi
Sandro Tosi added the comment: Hi Georg, I've verified doc search works with 2.6.[467], so if the fix is so easy to just add that js, could you please give it a look? TIA -- nosy: +sandro.tosi

[issue13703] Hash collision security issue

2012-01-03 Thread Barry A. Warsaw
Barry A. Warsaw added the comment: On Jan 03, 2012, at 09:43 PM, Benjamin Peterson wrote: >Barry, when this gets fixed, shall we coordinate release times? Yes!

[issue13636] Python SSL Stack doesn't have a Secure Default set of ciphers

2012-01-03 Thread Roundup Robot
Roundup Robot added the comment: New changeset f9122975fd80 by Antoine Pitrou in branch '2.7': Issue #13636: Weak ciphers are now disabled by default in the ssl module http://hg.python.org/cpython/rev/f9122975fd80

[issue13636] Python SSL Stack doesn't have a Secure Default set of ciphers

2012-01-03 Thread Roundup Robot
Roundup Robot added the comment: New changeset 25c2d24e1b11 by Antoine Pitrou in branch '3.2': Issue #13636: Weak ciphers are now disabled by default in the ssl module http://hg.python.org/cpython/rev/25c2d24e1b11 New changeset ace54f5e75d7 by Antoine Pitrou in branch 'default': Issue #13636: W

[issue6031] BaseServer.shutdown documentation is incomplete

2012-01-03 Thread Sandro Tosi
Sandro Tosi added the comment: yep indeed, I've removed the deadlock part and committed. -- resolution: -> fixed stage: -> committed/rejected status: open -> closed versions: +Python 3.3 -Python 3.1

[issue6031] BaseServer.shutdown documentation is incomplete

2012-01-03 Thread Roundup Robot
Roundup Robot added the comment: New changeset 4fad6b811c8b by Sandro Tosi in branch '2.7': Issue #6031: improve serve_forever() description http://hg.python.org/cpython/rev/4fad6b811c8b New changeset 4a30d36a9c69 by Sandro Tosi in branch '3.2': Issue #6031: improve serve_forever() description

[issue13703] Hash collision security issue

2012-01-03 Thread Dave Malcolm
Changes by Dave Malcolm : -- nosy: +dmalcolm

[issue13700] imaplib.IMAP4.authenticate authobject fails with PLAIN mechanism

2012-01-03 Thread Erno Tukia
Erno Tukia added the comment: Here's another patch that should fix the CRAM-MD5 authentication. My previous patch is required with this one. The patch includes a test. -- Added file: http://bugs.python.org/file24134/cram_md5.patch

[issue1079] decode_header does not follow RFC 2047

2012-01-03 Thread Ralf Schlatterbeck
Ralf Schlatterbeck added the comment: Attached please find a patch that - keeps all spaces between non-encoded and encoded parts - doesn't create spaces between non-encoded and encoded parts in case these are already there or not needed (because they are non-ctext characters of RFC822 like '

[issue13703] Hash collision security issue

2012-01-03 Thread Benjamin Peterson
Benjamin Peterson added the comment: Barry, when this gets fixed, shall we coordinate release times?

[issue13703] Hash collision security issue

2012-01-03 Thread STINNER Victor
STINNER Victor added the comment: > Unless there's evidence of performance regressions > or backward incompatibilities, I agree. If hash() is modified, str(dict) and str(set) will change for example. It may break doctests. Can we consider that the application should not rely (indirectly) on h

[issue13703] Hash collision security issue

2012-01-03 Thread STINNER Victor
Changes by STINNER Victor : -- nosy: +haypo

[issue13703] Hash collision security issue

2012-01-03 Thread Barry A. Warsaw
Barry A. Warsaw added the comment: On Jan 03, 2012, at 08:24 PM, Antoine Pitrou wrote: >I think on the contrary it must be enabled by default. Leaving security >holes open is wrong. Unless there's evidence of performance regressions or backward incompatibilities, I agree. --

[issue13703] Hash collision security issue

2012-01-03 Thread Guido van Rossum
Guido van Rossum added the comment: I'm with Antoine -- turn it on by default. Maybe there should be a release candidate to test the waters.

[issue13700] imaplib.IMAP4.authenticate authobject fails with PLAIN mechanism

2012-01-03 Thread Erno Tukia
Erno Tukia added the comment: Here's a patch with test. I am not an IMAP guru, so please verify my patch. -- keywords: +patch Added file: http://bugs.python.org/file24132/issue13700.patch

[issue13703] Hash collision security issue

2012-01-03 Thread Christian Heimes
Christian Heimes added the comment: > I think on the contrary it must be enabled by default. Leaving security > holes open is wrong. We can't foresee the implications of the randomization and only a small number of deployments is affected by the problem. But I won't start a fight on the matte

[issue13704] Random number generator in Python core

2012-01-03 Thread Antoine Pitrou
Antoine Pitrou added the comment: (for the record, you can use the "create patch" button which creates a reviewable diff)

[issue13704] Random number generator in Python core

2012-01-03 Thread Christian Heimes
New submission from Christian Heimes : All proposed fixes for a randomized hashing function raise and fall with a good random number generator to feed the random seed. The seed must be created very early in the startup phase of the interpreter, preferable before the basic types are initialized. C

[issue13703] Hash collision security issue

2012-01-03 Thread Antoine Pitrou
Antoine Pitrou added the comment: > We haven't agreed whether the randomization should be enabled by > default or disabled by default. IMHO it should be disabled for all > releases except for the upcoming 3.3 release. I think on the contrary it must be enabled by default. Leaving security holes

[issue13703] Hash collision security issue

2012-01-03 Thread Christian Heimes
Christian Heimes added the comment: I had a short chat with Guido yesterday. I'll try to sum up the conversation. Guido, please correct me if I got something wrong or missed a point. Guido wants the fix as simple and less intrusive as possible as he wants to provide/apply a patch for Python 2

[issue8184] multiprocessing.managers will not fail if listening ocket already in use

2012-01-03 Thread Phill
Phill added the comment: @neologix: nah it's fine, if you guys are gonna re open this one I won't worry about opening a new bug. If the above gets solved on windows my problem will just go away, thanks -- versions: +Python 2.6 -Python 2.7, Python 3.2, Python 3.3
