[Python-Dev] Hash collision security issue (now public)

Terry Reedy tjreedy at udel.edu
Thu Dec 29 23:28:22 CET 2011

• Previous message: [Python-Dev] Hash collision security issue (now public)
• Next message: [Python-Dev] Hash collision security issue (now public)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

On 12/29/2011 4:31 PM, Christian Heimes wrote:
> The hash randomization idea adds a salt to throw the attacker of course.
> Instead of
>> position = hash& mask
>> it's now
>> hash = salt + hash

As I understood the talk (actually, the bit of Perl interpreter C code 
shown), the randomization is to change hash(s) to hash(salt+s) so that 
the salt is completely mixed into the hash from the beginning, rather 
than just tacked on at the end.
-- 
Terry Jan Reedy

---

• Previous message: [Python-Dev] Hash collision security issue (now public)
• Next message: [Python-Dev] Hash collision security issue (now public)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

More information about the Python-Dev mailing list