[Python-Dev] Status of the fix for the hash collision vulnerability

martin at v.loewis.de martin at v.loewis.de
Sat Jan 14 04:45:57 CET 2012

• Previous message: [Python-Dev] Status of the fix for the hash collision vulnerability
• Next message: [Python-Dev] Status of the fix for the hash collision vulnerability
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

> What an implementation looks like:
>> http://pastebin.com/9ydETTag
>> some stuff to be filled in, but this is all that is really required.

I think this statement (and the patch) is wrong. You also need to change
the byte string hashing, at least for 2.x. This I consider the biggest
flaw in that approach - other people may have written string-like objects
which continue to compare equal to a string but now hash different.
Regards,
Martin

---

• Previous message: [Python-Dev] Status of the fix for the hash collision vulnerability
• Next message: [Python-Dev] Status of the fix for the hash collision vulnerability
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

More information about the Python-Dev mailing list