Message178808
| Author |
Giovanni.Bajo |
| Recipients |
Arfrever, Bob.Ziuchkovski, Giovanni.Bajo, PaulMcMillan, ReneSac, Vlado.Boza, alex, arigo, benjamin.peterson, camara, christian.heimes, cvrebert, dmalcolm, gregory.p.smith, iElectric, koniiiik, lemburg, mark.dickinson, ncoghlan, sbermeister, serhiy.storchaka, vstinner, Łukasz.Rekucki |
| Date |
2013年01月02日.10:02:30 |
| SpamBayes Score |
-1.0 |
| Marked as misclassified |
Yes |
| Message-id |
<0505B8CD-224D-4955-88C1-E298784562D6@gmail.com> |
| In-reply-to |
<1357082426.45.0.877992378426.issue14621@psf.upfronthosting.co.za> |
| Content |
Il giorno 02/gen/2013, alle ore 00:20, Domen Kožar <report@bugs.python.org> ha scritto:
>
> Domen Kožar added the comment:
>
> According to talk at 29c3: http://events.ccc.de/congress/2012/Fahrplan/events/5152.en.html
>
> Quote: We also describe a vulnerability of Python's new randomized hash, allowing an attacker to easily recover the 128-bit secret seed. As a reliable fix to hash-flooding, we introduce SipHash, a family of cryptographically strong keyed hash function competitive in performance with the weak hashes, and already adopted in OpenDNS, Perl 5, Ruby, and in the Rust language.
That is exactly the vulnerability that was previously mentioned in the context of this bug. SipHash is currently the only solution for a collision-resistant fast-enough hash.
--
Giovanni Bajo |
|
History
|
|---|
| Date |
User |
Action |
Args |
| 2013年01月02日 10:02:31 | Giovanni.Bajo | set | recipients:
+ Giovanni.Bajo, lemburg, arigo, gregory.p.smith, mark.dickinson, ncoghlan, vstinner, christian.heimes, benjamin.peterson, iElectric, Arfrever, alex, cvrebert, dmalcolm, PaulMcMillan, serhiy.storchaka, Vlado.Boza, koniiiik, sbermeister, camara, Łukasz.Rekucki, ReneSac, Bob.Ziuchkovski |
| 2013年01月02日 10:02:31 | Giovanni.Bajo | link | issue14621 messages |
| 2013年01月02日 10:02:30 | Giovanni.Bajo | create |
|