Message151092
I must be missing something, but how is raising an exception when a collision threshold is reached a good thing?
Basically, we're just exchanging a DoS for another (just feed the server process with ad-hoc data and he'll commit suicide). Sure, the caller can catch the exception to detect this, but what for? Restart the process, so that the attacker can just try again?
Also, there's the potential of perfectly legit applications breaking.
IMHO, randomization is the way to go, so that an attacker cannot generate a set of colliding values beforehand, which renders the attack impracticle. The same idea is behind ASLR used in modern kernels, and AFAICT, has been chosen by other implementations.
If a such patch has a negligible performance impact, then it should definitely be enabled by default. People who want deterministic hashing (maybe to bypass an application bug, or just because the want determinism) can disable it if they really want to. |
|
Date |
User |
Action |
Args |
2012-01-11 21:46:13 | neologix | set | recipients:
+ neologix, lemburg, gvanrossum, tim.peters, barry, georg.brandl, terry.reedy, jcea, mark.dickinson, pitrou, vstinner, christian.heimes, benjamin.peterson, eric.araujo, Arfrever, v+python, alex, zbysz, skrah, dmalcolm, gz, Arach, Mark.Shannon, Zhiping.Deng, Huzaifa.Sidhpurwala, PaulMcMillan |
2012-01-11 21:46:12 | neologix | set | messageid: <1326318372.91.0.960872424612.issue13703@psf.upfronthosting.co.za> |
2012-01-11 21:46:12 | neologix | link | issue13703 messages |
2012-01-11 21:46:11 | neologix | create | |
|