Author haypo
Recipients Arfrever, Mark.Shannon, PaulMcMillan, Zhiping.Deng, alex, barry, benjamin.peterson, christian.heimes, dmalcolm, georg.brandl, gvanrossum, haypo, jcea, lemburg, merwok, pitrou, terry.reedy
Date 2012-01-05.00:49:03
SpamBayes Score 4.781e-06
Marked as misclassified No
Message-id <1325724544.3.0.711149644235.issue13703@psf.upfronthosting.co.za>
In-reply-to
Content
> I fear that an attacker may guess the seed from several small strings

hash(a) ^ hash(b) "removes" the suffix, but I don't see how to guess the prefix from this new value. It doesn't mean that it is not possible, just that I don't have a strong background in crytography :-)

I don't expect that adding 2 XOR would change our dummy (fast but unsafe) hash function into a cryptographic hash function. We cannot have security for free. If we want a strong cryptographic hash function, it would be much slower (Paul wrote that it would be 4x slower). But we prefer speed over security, so we have to do compromise.

I don't know if you can retreive hash values in practice. I suppose that you can only get hash(str) & (size - 1) with size=size of the dict internal array, so only the lower bits. Using a large dict, you may be able to retreive more bits of the hash value.
History
Date User Action Args
2012-01-05 00:49:04hayposetrecipients: + haypo, lemburg, gvanrossum, barry, georg.brandl, terry.reedy, jcea, pitrou, christian.heimes, benjamin.peterson, merwok, Arfrever, alex, dmalcolm, Mark.Shannon, Zhiping.Deng, PaulMcMillan
2012-01-05 00:49:04hayposetmessageid: <1325724544.3.0.711149644235.issue13703@psf.upfronthosting.co.za>
2012-01-05 00:49:03haypolinkissue13703 messages
2012-01-05 00:49:03haypocreate