Author PaulMcMillan
Recipients Arfrever, Mark.Shannon, PaulMcMillan, Zhiping.Deng, alex, barry, benjamin.peterson, christian.heimes, dmalcolm, georg.brandl, gvanrossum, haypo, jcea, lemburg, merwok, pitrou, terry.reedy
Date 2012-01-05.00:44:24
Message-id <CAO_YWRUV+P54dLaJ9xNS07nh1bZd8jmiBpFMT8Qh7W59Yq38aw@mail.gmail.com>
In-reply-to <1325723771.39.0.672443575759.issue13703@psf.upfronthosting.co.za>
Content
> My proposition only adds two XORs to hash(str) (outside the loop on Unicode characters), so I expect a ridiculous overhead. I don't know yet how hard it is to guess the secret from hash(str) output.

It doesn't work much better than a single random seed. Calculating the
hash of a null byte gives you the xor of your two seeds. An attacker
can still cause collisions inside the vulnerable hash function; your
change doesn't negate those internal collisions. Also, strings of all
null bytes collide trivially.
History
Date User Action Args
2012-01-05 00:44:25 PaulMcMillan set recipients: + PaulMcMillan, lemburg, gvanrossum, barry, georg.brandl, terry.reedy, jcea, pitrou, haypo, christian.heimes, benjamin.peterson, merwok, Arfrever, alex, dmalcolm, Mark.Shannon, Zhiping.Deng
2012-01-05 00:44:25 PaulMcMillan link issue13703 messages
2012-01-05 00:44:24 PaulMcMillan create