Author christian.heimes
Recipients Arfrever, Mark.Shannon, PaulMcMillan, Zhiping.Deng, alex, barry, benjamin.peterson, christian.heimes, dmalcolm, georg.brandl, gvanrossum, haypo, jcea, lemburg, merwok, pitrou, terry.reedy
Date 2012-01-05.00:36:51
SpamBayes Score 2.46545e-07
Marked as misclassified No
Message-id <1325723812.53.0.978598000253.issue13703@psf.upfronthosting.co.za>
In-reply-to
Content
Thanks Victor!

> - hash(str) is now randomized using two random Py_hash_t values: 
> don't touch the critical loop, only add a prefix and a suffix

At least for Python 2.x hash(str) and hash(unicode) have to yield the same result for ASCII only strings. 

>  - PyOS_URandom() raises exceptions whereas it is called before
> creating the interpreter state. I suppose that it cannot work like this.

My patch compensates for the issue and calls Py_FatalError() when the random seed hasn't been initialized yet.

You aren't special casing small strings. I fear that an attacker may guess the seed from several small strings. How about using another initial seed for strings shorter than 4 code points?
History
Date User Action Args
2012-01-05 00:36:52christian.heimessetrecipients: + christian.heimes, lemburg, gvanrossum, barry, georg.brandl, terry.reedy, jcea, pitrou, haypo, benjamin.peterson, merwok, Arfrever, alex, dmalcolm, Mark.Shannon, Zhiping.Deng, PaulMcMillan
2012-01-05 00:36:52christian.heimessetmessageid: <1325723812.53.0.978598000253.issue13703@psf.upfronthosting.co.za>
2012-01-05 00:36:51christian.heimeslinkissue13703 messages
2012-01-05 00:36:51christian.heimescreate