Author Mark.Shannon
Recipients Arfrever, Huzaifa.Sidhpurwala, Mark.Shannon, PaulMcMillan, Zhiping.Deng, alex, barry, benjamin.peterson, christian.heimes, dmalcolm, georg.brandl, gvanrossum, haypo, jcea, lemburg, merwok, pitrou, terry.reedy
Date 2012-01-05.10:41:40
SpamBayes Score 1.15379e-11
Marked as misclassified No
Message-id <4F057E63.4020102@hotpy.org>
In-reply-to <1325758827.39.0.163970385347.issue13703@psf.upfronthosting.co.za>
Content
But that's not the issue we are supposed to be dealing with.
A single (genuinely random) seed will deal with the attack described in 
the talk and it is (almost) as fast as using 0 as a seed.
Why make things complicated dealing with a hypothetical problem?

>> Why should hash("") always return 0?
>> I can't find it in the docs anywhere.
> 
> hash("") should return something constant that doesn't reveal information about the random seeds. 0 is an arbitrary choice that is as good as anything else. hash("") already returns 0, hence my suggestion for 0.

Is special casing arbitrary values really any more secure?
If we special case "", the attacker will just start using "\0" and so on...

> 
> ----------
> 
> _______________________________________
> Python tracker <report@bugs.python.org>
> <http://bugs.python.org/issue13703>
> _______________________________________
History
Date User Action Args
2012-01-05 10:41:41Mark.Shannonsetrecipients: + Mark.Shannon, lemburg, gvanrossum, barry, georg.brandl, terry.reedy, jcea, pitrou, haypo, christian.heimes, benjamin.peterson, merwok, Arfrever, alex, dmalcolm, Zhiping.Deng, Huzaifa.Sidhpurwala, PaulMcMillan
2012-01-05 10:41:40Mark.Shannonlinkissue13703 messages
2012-01-05 10:41:40Mark.Shannoncreate