[Python-Dev] Hash collision security issue (now public)

2011-12-28 Thread Michael Foord
Hello all, A paper (well, presentation) has been published highlighting security problems with the hashing algorithm (exploiting collisions) in many programming languages, Python included:

Re: [Python-Dev] Hash collision security issue (now public)

2011-12-28 Thread Jesse Noller
On Wednesday, December 28, 2011 at 8:28 PM, Michael Foord wrote: Hello all, A paper (well, presentation) has been published highlighting security problems with the hashing algorithm (exploiting collisions) in many programming languages, Python included:

Re: [Python-Dev] Hash collision security issue (now public)

2011-12-28 Thread Jesse Noller
On Wednesday, December 28, 2011 at 8:37 PM, Jesse Noller wrote: On Wednesday, December 28, 2011 at 8:28 PM, Michael Foord wrote: Hello all, A paper (well, presentation) has been published highlighting security problems with the hashing algorithm (exploiting collisions) in

Re: [Python-Dev] Hash collision security issue (now public)

2011-12-28 Thread Eric Snow
On Wed, Dec 28, 2011 at 6:28 PM, Michael Foord fuzzy...@voidspace.org.uk wrote: Hello all, A paper (well, presentation) has been published highlighting security problems with the hashing algorithm (exploiting collisions) in many programming languages, Python included:

Re: [Python-Dev] Hash collision security issue (now public)

2011-12-28 Thread Alex Gaynor
A few thoughts on this: a) This is not a new issue, I'm curious what the new interest is in it. b) Whatever the solution to this is, it is *not* CPython specific, any decision should be reflected in the Python language spec IMO, if CPython has the semantic that dicts aren't vulnerable to hash

Re: [Python-Dev] Hash collision security issue (now public)

2011-12-28 Thread Raymond Hettinger
FWIW, Uncle Timmy considers the non-randomized hashes to be a virtue. It is believed that they give us better-than-random results for commonly encountered datasets. A change to randomized hashes would have a negative performance impact on those cases. Also, randomizing the hash wreaks havoc on

Re: [Python-Dev] Hash collision security issue (now public)

2011-12-28 Thread Christian Heimes
On 29.12.2011 02:37, Jesse Noller wrote: Back up link for the PDF: http://dl.dropbox.com/u/1374/2007_28C3_Effective_DoS_on_web_application_platforms.pdf Ocert disclosure: http://www.ocert.org/advisories/ocert-2011-003.html From http://www.nruns.com/_downloads/advisory28122011.pdf ---

Re: [Python-Dev] Hash collision security issue (now public)

2011-12-28 Thread Christian Heimes
On 29.12.2011 03:09, Raymond Hettinger wrote: FWIW, Uncle Timmy considers the non-randomized hashes to be a virtue. It is believed that they give us better-than-random results for commonly encountered datasets. A change to randomized hashes would have a negative performance impact on those

Re: [Python-Dev] Hash collision security issue (now public)

2011-12-28 Thread Brian Curtin
On Wed, Dec 28, 2011 at 19:51, Alex Gaynor alex.gay...@gmail.com wrote: A few thoughts on this: a) This is not a new issue, I'm curious what the new interest is in it. Well they (the presenters of the report) had to be accepted to that conference for *something*, otherwise we wouldn't know