This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Unsupported provider

Author christian.heimes
Recipients Arfrever, PaulMcMillan, Vlado.Boza, alex, arigo, benjamin.peterson, camara, christian.heimes, dmalcolm, koniiiik, lemburg, serhiy.storchaka, vstinner
Date 2012-11-06.15:54:13
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1352217254.03.0.205730212988.issue14621@psf.upfronthosting.co.za>
In-reply-to
Content 
Our hash randomization will always leak some information about the randomization keys. The only way to properly secure our secrets is a cryptographic secure algorithms, for example a crypto hashing function in combination with a message authentication code like HMAC. I don't have to explain how that is going to hurt performance ...

We can try to make it harder to guess the secret parts with a slightly modified algorithm like e.g. V8's hash but that's never going to be 100% secure. But might be secure enough to make an attack too hard.
History
Date User Action Args
2012-11-06 15:54:14christian.heimessetrecipients: + christian.heimes, lemburg, arigo, vstinner, benjamin.peterson, Arfrever, alex, dmalcolm, PaulMcMillan, serhiy.storchaka, Vlado.Boza, koniiiik, camara
2012-11-06 15:54:14christian.heimessetmessageid: <1352217254.03.0.205730212988.issue14621@psf.upfronthosting.co.za>
2012-11-06 15:54:14christian.heimeslinkissue14621 messages
2012-11-06 15:54:13christian.heimescreate