Re: [Python-Dev] Hash collision security issue (now public)

2011-12-28 Thread Brian Curtin
On Wed, Dec 28, 2011 at 19:51, Alex Gaynor wrote:
> A few thoughts on this:
>
> a) This is not a new issue, I'm curious what the new interest is in it.

Well they (the presenters of the report) had to be accepted to that conference for *something*, otherwise we wouldn't know they exist.

Re: [Python-Dev] Hash collision security issue (now public)

2011-12-28 Thread Christian Heimes
On 29.12.2011 03:09, Raymond Hettinger wrote:
> FWIW, Uncle Timmy considers the non-randomized hashes to be a virtue.
> It is believed that they give us better-than-random results for commonly
> encountered datasets. A change to randomized hashes would have a
> negative performance impact on tho

Re: [Python-Dev] Hash collision security issue (now public)

2011-12-28 Thread Christian Heimes
On 29.12.2011 02:37, Jesse Noller wrote:
> Back up link for the PDF:
> http://dl.dropbox.com/u/1374/2007_28C3_Effective_DoS_on_web_application_platforms.pdf
>
> Ocert disclosure:
> http://www.ocert.org/advisories/ocert-2011-003.html

From http://www.nruns.com/_downloads/advisory28122011.pdf --

Re: [Python-Dev] Hash collision security issue (now public)

2011-12-28 Thread Raymond Hettinger
FWIW, Uncle Timmy considers the non-randomized hashes to be a virtue. It is believed that they give us better-than-random results for commonly encountered datasets. A change to randomized hashes would have a negative performance impact on those cases. Also, randomizing the hash wreaks havoc on do

Re: [Python-Dev] Hash collision security issue (now public)

2011-12-28 Thread Alex Gaynor
A few thoughts on this:

a) This is not a new issue, I'm curious what the new interest is in it.

b) Whatever the solution to this is, it is *not* CPython specific, any decision should be reflected in the Python language spec IMO, if CPython has the semantic that dicts aren't vulnerable to hash col

Re: [Python-Dev] Hash collision security issue (now public)

2011-12-28 Thread Eric Snow
On Wed, Dec 28, 2011 at 6:28 PM, Michael Foord wrote:
> Hello all,
>
> A paper (well, presentation) has been published highlighting security
> problems with the hashing algorithm (exploiting collisions) in many
> programming languages Python included:
>
> http://events.ccc.de/congress

Re: [Python-Dev] Hash collision security issue (now public)

2011-12-28 Thread Jesse Noller
On Wednesday, December 28, 2011 at 8:37 PM, Jesse Noller wrote:
>
> On Wednesday, December 28, 2011 at 8:28 PM, Michael Foord wrote:
>
> > Hello all,
> >
> > A paper (well, presentation) has been published highlighting security
> > problems with the hashing algorithm (exploiting colli

Re: [Python-Dev] Hash collision security issue (now public)

2011-12-28 Thread Jesse Noller
On Wednesday, December 28, 2011 at 8:28 PM, Michael Foord wrote:
> Hello all,
>
> A paper (well, presentation) has been published highlighting security
> problems with the hashing algorithm (exploiting collisions) in many
> programming languages Python included:
>
> http://events.ccc.de/co

[Python-Dev] Hash collision security issue (now public)

2011-12-28 Thread Michael Foord
Hello all,

A paper (well, presentation) has been published highlighting security problems with the hashing algorithm (exploiting collisions) in many programming languages Python included:

http://events.ccc.de/congress/2011/Fahrplan/attachments/2007_28C3_Effective_DoS_on_web_applicatio