Author pitrou
Recipients Arach, Arfrever, Huzaifa.Sidhpurwala, Jim.Jewett, Mark.Shannon, PaulMcMillan, Zhiping.Deng, alex, barry, benjamin.peterson, christian.heimes, dmalcolm, eric.snow, fx5, georg.brandl, grahamd, gregory.p.smith, gvanrossum, gz, haypo, jcea, lemburg, mark.dickinson, merwok, neologix, pitrou, skrah, terry.reedy, tim.peters, v+python, zbysz
Date 2012-01-18.23:46:12
SpamBayes Score 0.000630033
Marked as misclassified No
Message-id <1326930263.3395.79.camel@localhost.localdomain>
In-reply-to <4F1757BA.8040306@udel.edu>
Content
> > As much as the counting idea rubs me wrong,
> 
> FWIW, the original 2003 paper reported that the url-caching system that 
> they tested used collision-counting to evade attacks.

I think that was DJB's DNS server/cache actually.
But deciding to limit collisions in a specific application is not the
same as limiting them in the general case. Python dicts have a lot of
use cases that are not limited to storing URL parameters, domain names
or instance attributes: there is a greater risk of meeting pathological
cases with legitimate keys.
History
Date User Action Args
2012-01-18 23:46:12pitrousetrecipients: + pitrou, lemburg, gvanrossum, tim.peters, barry, georg.brandl, terry.reedy, gregory.p.smith, jcea, mark.dickinson, haypo, christian.heimes, benjamin.peterson, merwok, grahamd, Arfrever, v+python, alex, zbysz, skrah, dmalcolm, gz, neologix, Arach, Mark.Shannon, eric.snow, Zhiping.Deng, Huzaifa.Sidhpurwala, Jim.Jewett, PaulMcMillan, fx5
2012-01-18 23:46:12pitroulinkissue13703 messages
2012-01-18 23:46:12pitroucreate