Message150645
> I fear that an attacker may guess the seed from several small strings
hash(a) ^ hash(b) "removes" the suffix, but I don't see how to guess the prefix from this new value. It doesn't mean that it is not possible, just that I don't have a strong background in crytography :-)
I don't expect that adding 2 XOR would change our dummy (fast but unsafe) hash function into a cryptographic hash function. We cannot have security for free. If we want a strong cryptographic hash function, it would be much slower (Paul wrote that it would be 4x slower). But we prefer speed over security, so we have to do compromise.
I don't know if you can retreive hash values in practice. I suppose that you can only get hash(str) & (size - 1) with size=size of the dict internal array, so only the lower bits. Using a large dict, you may be able to retreive more bits of the hash value. |
|
Date |
User |
Action |
Args |
2012-01-05 00:49:04 | vstinner | set | recipients:
+ vstinner, lemburg, gvanrossum, barry, georg.brandl, terry.reedy, jcea, pitrou, christian.heimes, benjamin.peterson, eric.araujo, Arfrever, alex, dmalcolm, Mark.Shannon, Zhiping.Deng, PaulMcMillan |
2012-01-05 00:49:04 | vstinner | set | messageid: <1325724544.3.0.711149644235.issue13703@psf.upfronthosting.co.za> |
2012-01-05 00:49:03 | vstinner | link | issue13703 messages |
2012-01-05 00:49:03 | vstinner | create | |
|