Message 159434 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Unsupported provider

Author	vstinner
Recipients	Arfrever, PaulMcMillan, Vlado.Boza, benjamin.peterson, dmalcolm, koniiiik, vstinner
Date	2012-04-26.23:10:43
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1335481843.82.0.00366765367596.issue14621@psf.upfronthosting.co.za>
In-reply-to

Content
> Problem with current randomization of hash function > is following: Suffix does not influence whether two keys > have some hash or not (it is xor-ed after everything). Yes, the suffix is used to "protect" the secret. Without the suffix, it would be too simple to compute the prefix: getting a single hash value of a known string would leak the prefix. > Suffix does not influence whether two keys have some hash > or not (...). Everything except last 8 bits in prefix does > not influence it also. I don't know if we can do better and/or if it is a critical issue.

> Problem with current randomization of hash function
> is following: Suffix does not influence whether two keys
> have some hash or not (it is xor-ed after everything).

Yes, the suffix is used to "protect" the secret. Without the suffix, it would be too simple to compute the prefix: getting a single hash value of a known string would leak the prefix.

> Suffix does not influence whether two keys have some hash
> or not (...). Everything except last 8 bits in prefix does
> not influence it also.

I don't know if we can do better and/or if it is a critical issue.

History
Date	User	Action	Args
2012-04-26 23:10:43	vstinner	set	recipients: + vstinner, benjamin.peterson, Arfrever, dmalcolm, PaulMcMillan, Vlado.Boza, koniiiik
2012-04-26 23:10:43	vstinner	set	messageid: <1335481843.82.0.00366765367596.issue14621@psf.upfronthosting.co.za>
2012-04-26 23:10:43	vstinner	link	issue14621 messages
2012-04-26 23:10:43	vstinner	create