This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author vstinner
Recipients Arfrever, PaulMcMillan, alex, barry, benjamin.peterson, christian.heimes, dmalcolm, georg.brandl, gvanrossum, pitrou, terry.reedy, vstinner
Date 2012-01-04.01:00:55
SpamBayes Score 0.023625629
Marked as misclassified No
Message-id <1325638855.8.0.411042960043.issue13703@psf.upfronthosting.co.za>
In-reply-to
Content 
Paul first proposition (on python-dev) was to replace:

    ...
    x = (ord(s[0]) << 7)
    while i < length:
        x = intmask((1000003*x) ^ ord(s[i]))
        ...

by:

    ...
    x = (ord(s[0]) << 7)
    while i < length:
        x = intmask((1000003*x) ^ ord(s[i])) ^ r[x % len_r]
        ...

This change has a vulnerability similar than the one of Christian's suggested changed. The "r" array can be retreived directly with:

r2 = []
for i in xrange(len(r)):
    s = chr(intmask(i * UNSHIFT7) % len(r))
    h = intmask(hash(s) ^ len(s) ^ ord(s) ^ ((ord(s) << 7) * MOD))
    r2.append(chr(h))
r2 = ''.join(r2)

where UNSHIFT7 = 1/2**7 mod 2^(long bits).

By the way, this change always use r[0] to hash all string of one ASCII character (U+0000-U+007F).
History
Date User Action Args
2012-01-04 01:00:55vstinnersetrecipients: + vstinner, gvanrossum, barry, georg.brandl, terry.reedy, pitrou, christian.heimes, benjamin.peterson, Arfrever, alex, dmalcolm, PaulMcMillan
2012-01-04 01:00:55vstinnersetmessageid: <1325638855.8.0.411042960043.issue13703@psf.upfronthosting.co.za>
2012-01-04 01:00:55vstinnerlinkissue13703 messages
2012-01-04 01:00:55vstinnercreate