
Author christian.heimes
Recipients Arfrever, Mark.Shannon, PaulMcMillan, Zhiping.Deng, alex, barry, benjamin.peterson, christian.heimes, dmalcolm, eric.araujo, georg.brandl, gvanrossum, jcea, lemburg, pitrou, terry.reedy, vstinner
Date 2012-01-05.00:36:51
Message-id <1325723812.53.0.978598000253.issue13703@psf.upfronthosting.co.za>
Content
Thanks Victor!

> - hash(str) is now randomized using two random Py_hash_t values: 
> don't touch the critical loop, only add a prefix and a suffix

At least for Python 2.x, hash(str) and hash(unicode) have to yield the same result for ASCII-only strings.

>  - PyOS_URandom() raises exceptions whereas it is called before
> creating the interpreter state. I suppose that it cannot work like this.

My patch compensates for the issue and calls Py_FatalError() when the random seed hasn't been initialized yet.

You aren't special-casing small strings. I fear that an attacker may guess the seed from several small strings. How about using another initial seed for strings shorter than 4 code points?
History
Date User Action Args
2012-01-05 00:36:52 christian.heimes set recipients: + christian.heimes, lemburg, gvanrossum, barry, georg.brandl, terry.reedy, jcea, pitrou, vstinner, benjamin.peterson, eric.araujo, Arfrever, alex, dmalcolm, Mark.Shannon, Zhiping.Deng, PaulMcMillan
2012-01-05 00:36:52 christian.heimes set messageid: <1325723812.53.0.978598000253.issue13703@psf.upfronthosting.co.za>
2012-01-05 00:36:51 christian.heimes link issue13703 messages
2012-01-05 00:36:51 christian.heimes create
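
The small-string concern raised in the message above, as an added illustration that is not code from the patch or from anyone on the tracker: a Python model of a prefix/suffix-randomized string hash, showing how little secret state is mixed into the hash of a short string and what a separate short-string seed would change. The CPython 2.x constants (multiplier 1000003, first byte shifted left by 7), the 64-bit width, and the `short_seed_hash` function with its parameter names are assumptions.

```python
# Added illustration, not code from the patch under discussion.
# Assumptions: CPython 2.x string-hash constants (multiplier 1000003, first
# byte shifted left by 7) and a 64-bit Py_hash_t.
MASK = (1 << 64) - 1


def randomized_hash(data, prefix, suffix):
    """Model of 'only add a prefix and a suffix' around the unchanged loop."""
    if not data:
        raise ValueError("empty input is not modelled")
    x = (prefix ^ (data[0] << 7)) & MASK
    for c in data:                      # the untouched critical loop
        x = ((1000003 * x) ^ c) & MASK
    return x ^ len(data) ^ suffix       # suffix is applied after all mixing


def short_seed_hash(data, prefix, suffix, short_prefix, short_suffix):
    """Hypothetical variant: separate secrets below 4 code points."""
    if len(data) < 4:
        return randomized_hash(data, short_prefix, short_suffix)
    return randomized_hash(data, prefix, suffix)


def xor_of_hashes(a, b, prefix, suffix):
    """XOR of two hashes computed under the same secrets."""
    return randomized_hash(a, prefix, suffix) ^ randomized_hash(b, prefix, suffix)


if __name__ == "__main__":
    # Constructed secrets, chosen only for the demonstration.
    p, s1, s2 = 0x0123456789ABCDEF, 0x1111, 0xFEDCBA9876543210
    # The suffix is XORed in last, so it cancels out of the XOR of two hashes.
    print(xor_of_hashes(b"a", b"b", p, s1) == xor_of_hashes(b"a", b"b", p, s2))
    # The prefix does not cancel: it passes through one multiplication per
    # character, which is very little mixing for a one-character string.
    print(xor_of_hashes(b"a", b"b", 0, s1) != xor_of_hashes(b"a", b"b", 1, s1))
    # With separate short-string secrets, short hashes no longer depend on
    # the secrets that protect longer strings.
    print(short_seed_hash(b"ab", 1, 2, 7, 9) == short_seed_hash(b"ab", 3, 4, 7, 9))
```
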