Message150642
Thanks Victor!
> - hash(str) is now randomized using two random Py_hash_t values:
> don't touch the critical loop, only add a prefix and a suffix
At least for Python 2.x, hash(str) and hash(unicode) have to yield the same result for ASCII-only strings.
> - PyOS_URandom() raises exceptions whereas it is called before
> creating the interpreter state. I suppose that it cannot work like this.
My patch compensates for the issue and calls Py_FatalError() when the random seed hasn't been initialized yet.
You aren't special casing small strings. I fear that an attacker may guess the seed from several small strings. How about using another initial seed for strings shorter than 4 code points?

Date | User | Action | Args
2012-01-05 00:36:52 | christian.heimes | set | recipients: + christian.heimes, lemburg, gvanrossum, barry, georg.brandl, terry.reedy, jcea, pitrou, vstinner, benjamin.peterson, eric.araujo, Arfrever, alex, dmalcolm, Mark.Shannon, Zhiping.Deng, PaulMcMillan
2012-01-05 00:36:52 | christian.heimes | set | messageid: <1325723812.53.0.978598000253.issue13703@psf.upfronthosting.co.za>
2012-01-05 00:36:51 | christian.heimes | link | issue13703 messages
2012-01-05 00:36:51 | christian.heimes | create |
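
Added example, not part of the message above or of either patch: a Python model of the prefix/suffix scheme, used to check the two properties the message raises, namely that str and unicode hashes agree for ASCII input and that the suffix adds no secrecy once two hashes are compared. The function names, the 64-bit Py_hash_t and the exact points where prefix and suffix are mixed in are assumptions; the loop is the classic CPython 2.x string hash.

```python
# Model of the classic CPython 2.x string hash with a random prefix and
# suffix wrapped around the unchanged multiply-xor loop. The placement of
# prefix and suffix is an assumption based on the description in the thread.
import random

MASK = (1 << 64) - 1   # assumption: 64-bit Py_hash_t
MULT = 1000003         # multiplier of the classic CPython string hash


def randomized_hash(code_points, prefix, suffix):
    """Hash a sequence of integer code points (bytes or unicode alike)."""
    if not code_points:
        return 0
    x = (prefix ^ (code_points[0] << 7)) & MASK   # prefix enters here only
    for c in code_points:                         # the untouched critical loop
        x = ((MULT * x) ^ c) & MASK
    return x ^ len(code_points) ^ suffix          # suffix enters here only


def hash_str(s, prefix, suffix):
    # Byte-string path: hashes the ASCII byte values.
    return randomized_hash(list(s.encode("ascii")), prefix, suffix)


def hash_unicode(s, prefix, suffix):
    # Unicode path: hashes the code point values.
    return randomized_hash([ord(ch) for ch in s], prefix, suffix)


def suffix_cancels(a, b, prefix, trials=100):
    """True if hash(a) ^ hash(b) is identical for every suffix tried.

    The suffix is XORed in last, so it drops out of the XOR of any two
    hashes of non-empty strings; only the prefix stays hidden from an
    observer who can compare outputs.
    """
    rng = random.Random(0)  # constructed, reproducible sample of suffixes
    seen = set()
    for _ in range(trials):
        s = rng.getrandbits(64)
        seen.add(hash_str(a, prefix, s) ^ hash_str(b, prefix, s))
    return len(seen) == 1
```

With prefix and suffix both zero the model reduces to the unrandomized 64-bit hash, which is a quick sanity check against a stock Python 2 build.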