[Python-Dev] Status of the fix for the hash collision vulnerability

"Martin v. Löwis" martin at v.loewis.de
Sat Jan 14 16:17:59 CET 2012


On 14.01.2012 01:37, Benjamin Peterson wrote:
> 13 January 2012, Guido van Rossum <guido at python.org>:
>> Really? Even though you came up with specifically to prove me wrong?
>> Coming up with a counterexample now invalidates it?

There are two concerns here:
- is it possible to come up with an example of constructed values that
 show many collisions in a way that poses a threat? To this, the answer
 is apparently "yes", and the proposed reaction is to hard-limit the
 number of collisions accepted by the implementation.
- then, *assuming* such a limitation is in place: is it possible to come
 up with a realistic application that would break under this
 limitation? Mark's example is no such realistic application; instead,
 it is yet another example demonstrating collisions using constructed
 values (although the specific example would continue to work fine
 even under the limitation).

A valid counterexample would have to come from a real application, or
at least from a scenario that is plausible for a real application.

Regards,
Martin
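
The hard limit on collisions discussed in the message above, sketched as an added example (not part of the original post and not CPython's implementation): a toy fixed-size open-addressing table that refuses an insert once it has collided more than a set number of times. `LimitedDict`, `TooManyCollisions`, `accepted_before_limit` and `COLLISION_LIMIT` with its value of 8 are assumptions for illustration, and both key lists are constructed.

```python
COLLISION_LIMIT = 8  # assumed value for this sketch; the post names no number


class TooManyCollisions(Exception):
    """One operation probed more than COLLISION_LIMIT occupied slots."""


class LimitedDict:
    """Toy table: fixed size (power of two), linear probing, no resizing."""

    def __init__(self, size=1024):
        self.size = size
        self.slots = [None] * size

    def _find(self, key):
        """Return the slot for key, counting collisions along the probe chain."""
        mask = self.size - 1
        i = hash(key) & mask
        collisions = 0
        while self.slots[i] is not None and self.slots[i][0] != key:
            collisions += 1
            if collisions > COLLISION_LIMIT:
                # Fail closed instead of walking an arbitrarily long chain.
                raise TooManyCollisions(f"{collisions} collisions for {key!r}")
            i = (i + 1) & mask
        return i

    def __setitem__(self, key, value):
        self.slots[self._find(key)] = (key, value)

    def __contains__(self, key):
        return self.slots[self._find(key)] is not None


def accepted_before_limit(keys):
    """Insert keys in order; return how many were stored before the limit tripped."""
    table = LimitedDict()
    for n, key in enumerate(keys):
        try:
            table[key] = True
        except TooManyCollisions:
            return n
    return len(keys)


# Constructed inputs. Small ints hash to themselves in CPython.
ordinary = list(range(500))                 # every key gets its own slot
colliding = [k * 1024 for k in range(500)]  # every key starts at slot 0

print(accepted_before_limit(ordinary), accepted_before_limit(colliding))
```

The ordinary workload never comes near the limit, while the constructed one is cut off after a handful of inserts; that gap is what the second concern in the message asks a realistic application to close.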

