<div class="im">On 2012年02月21日, at 21:24 , Brett Cannon wrote:<br>
> On Tue, Feb 21, 2012 at 15:05, Barry Warsaw <<a href="mailto:barry@python.org">barry@python.org</a>> wrote:<br>
><br>
>> On Feb 21, 2012, at 02:58 PM, Benjamin Peterson wrote:<br>
>><br>
>>> 2012年2月21日 Antoine Pitrou <<a href="mailto:solipsis@pitrou.net">solipsis@pitrou.net</a>>:<br>
>>>><br>
>>>> Hello,<br>
>>>><br>
>>>> Shouldn't it be enabled by default in 3.3?<br>
>><br>
>> Yes.<br>
>><br>
>>> Should you be able to disable it?<br>
>><br>
>> No, but you should be able to provide a seed.<br>
><br>
> I think that's inviting trouble if you can provide the seed. It leads to a<br>
> false sense of security in that providing some seed secures them instead of<br>
> just making it a tad harder for the attack.<br>
<br>
</div>I might have misunderstood something, but wouldn't providing a seed always<br>
make it *easier* for the attacker, compared to a randomized hash?<br></blockquote><div><br></div><div>Yes, that was what I was trying to convey. </div></div><br>