Classification
Title: Add hash auto-randomization
Type: enhancement | Stage: resolved
Components: (none) | Versions: Python 2.7
Process
Status: closed | Resolution: rejected
Dependencies: (none) | Superseder: (none)
Assigned To: rhettinger | Nosy List: bjarvis, christian.heimes, pitrou, rhettinger, vstinner
Priority: normal | Keywords: patch

Created on 2017-11-30 05:39 by bjarvis, last changed 2017-12-04 22:22 by vstinner. This issue is now closed.

Files
File name: auto_rand_2.7.patch | Uploaded: bjarvis, 2017-11-30 05:39
Messages (6)
msg307278 - Author: Brian Jarvis (bjarvis) * Date: 2017-11-30 05:39
Hash auto-randomization is a mechanism to detect when a collision attack is underway and switch to a randomized keying scheme at that point.

This patch is for the 2.7 branch, where hash randomization is not on by default.

Using collided strings from https://github.com/Storyyeller/fnv-collider/tree/master/collided_strings, 10 "attacks" of roughly 50,000 collided strings were launched against this. The unmodified Python had a median insert time of roughly 4.32 seconds and a median retrieve time of roughly 4.40 seconds. With the auto-randomized version of Python, the median insert time was roughly 3.99 seconds and median retrieve time was roughly 3.57 seconds. This is a 7.7% and 18.9% savings, respectively.
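An added toy model of the mechanism this message describes (example code written for this page, not the attached patch or CPython's dict): a chained hash table that watches chain length and, once a chain grows past a threshold, re-keys itself with a random seed. NBUCKETS, MAX_CHAIN, the FNV-1a style toy hash and the constructed colliding keys are all assumptions.

```python
import secrets

# Added toy model of the auto-randomization idea in msg307278 (not the patch):
# a chained hash table that re-keys with a random seed once a chain exceeds
# MAX_CHAIN (assumed threshold). CPython's dict uses open addressing instead.
NBUCKETS = 256
MAX_CHAIN = 16  # a chain this long is treated as evidence of an attack

def toy_hash(key, seed=0):
    h = 0x811C9DC5 ^ seed  # FNV-1a style; with seed 0 fully predictable
    for b in key.encode():
        h = ((h ^ b) * 0x01000193) & 0xFFFFFFFF
    return h

class ChainedTable:
    def __init__(self, auto_randomize=True):
        self.auto_randomize, self.rekeyed = auto_randomize, False
        self.seed = 0  # fixed seed, as in unmodified Python 2.7
        self.buckets = [[] for _ in range(NBUCKETS)]
    def _slot(self, key):
        return toy_hash(key, self.seed) % NBUCKETS
    def __setitem__(self, key, value):  # append-only: demo keys are unique
        chain = self.buckets[self._slot(key)]
        chain.append((key, value))
        if self.auto_randomize and not self.rekeyed and len(chain) > MAX_CHAIN:
            self._rekey()
    def _rekey(self):  # switch to an unpredictable seed, redistribute items
        self.seed, self.rekeyed = secrets.randbits(32), True
        items = [kv for chain in self.buckets for kv in chain]
        self.buckets = [[] for _ in range(NBUCKETS)]
        for k, v in items:
            self.buckets[self._slot(k)].append((k, v))
    def __getitem__(self, key):
        return dict(self.buckets[self._slot(key)])[key]  # KeyError if absent

def colliding_keys(n):  # constructed stress input: all map to slot 0 at seed 0
    keys, i = [], 0
    while len(keys) < n:
        if toy_hash(f"k{i}") % NBUCKETS == 0:
            keys.append(f"k{i}")
        i += 1
    return keys

def run(n=200, auto_randomize=True):  # -> (rekeyed, longest chain, lookups ok)
    t, keys = ChainedTable(auto_randomize), colliding_keys(n)
    for k in keys:
        t[k] = len(k)
    longest = max(len(c) for c in t.buckets)
    return t.rekeyed, longest, all(t[k] == len(k) for k in keys)
```

With auto-randomization off, all 200 keys sit in one chain; with it on, the table re-keys after the 17th collision and the same keys spread across the buckets while lookups still succeed.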
msg307295 - Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2017-11-30 11:37
Raymond, dicts are your area of expertise.

I'm -0 on the patch. The check is going to slow down dicts and it's really easy to enable randomization with an env var or command line argument.
msg307314 - Author: STINNER Victor (vstinner) * (Python committer) Date: 2017-11-30 14:21
It was decided to leave the hash randomization disabled by default for backward compatibility. It's a deliberate choice.

I don't think that we need to go further for Python 2.7. I never considered this denial of service attack as major, there are many other ways to trigger a DoS, and fixing the dict type is not the right way to prevent this class of attacks.

HTTP clients and frameworks like http.client and Django implemented other countermeasures like limiting the number of HTTP headers.

The problem was correctly fixed in Python 3: randomization enabled by default since Python 3.3, and Python 3.4 now uses SipHash which better hides the hash secret.

More info at:
* http://python-security.readthedocs.io/vuln/cve-2012-1150_hash_dos.html
* http://python-security.readthedocs.io/vuln/cve-2013-7040_hash_not_properly_randomized.html
msg307590 - Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2017-12-04 19:39
Agreed this is not desirable at this point.  Let's leave 2.7 like it is.
msg307593 - Author: Raymond Hettinger (rhettinger) * (Python committer) Date: 2017-12-04 20:03
Marking as closed for the reasons listed by the other respondents.
msg307601 - Author: STINNER Victor (vstinner) * (Python committer) Date: 2017-12-04 22:22
By the way, for a few other reasons, Python 3 is more secure than Python 2.7. If you care about security, please upgrade!
History
Date | User | Action | Args
2017-12-04 22:22:50 | vstinner | set | messages: + msg307601
2017-12-04 20:03:38 | rhettinger | set | status: open -> closed; resolution: rejected; messages: + msg307593; stage: resolved
2017-12-04 19:39:53 | pitrou | set | nosy: + pitrou; messages: + msg307590
2017-11-30 14:21:34 | vstinner | set | messages: + msg307314
2017-11-30 11:37:14 | christian.heimes | set | assignee: rhettinger; messages: + msg307295; nosy: + vstinner, christian.heimes, rhettinger
2017-11-30 05:39:15 | bjarvis | create |