Message152855
Dave Malcolm wrote:
>
> If anyone is aware of an attack via numeric hashing that's actually
> possible, please let me know (privately). I believe only specific apps
> could be affected, and I'm not aware of any such specific apps.
I'm not sure what you'd like to see.
Any application reading user provided data from a file, database,
web, etc. is vulnerable to the attack, if it uses the read numeric
data as keys in a dictionary.
The most common use case for this is a dictionary mapping codes or
IDs to strings or objects, e.g. for caching purposes, to find a list
of unique IDs, checking for duplicates, etc.
This also works indirectly on 32-bit platforms, e.g. via date/time
or IP address values that get converted to key integers. |
|
Date |
User |
Action |
Args |
2012-02-08 13:10:40 | lemburg | set | recipients:
+ lemburg, gvanrossum, tim.peters, loewis, barry, georg.brandl, terry.reedy, gregory.p.smith, jcea, mark.dickinson, pitrou, vstinner, christian.heimes, benjamin.peterson, eric.araujo, grahamd, Arfrever, v+python, alex, zbysz, skrah, dmalcolm, gz, neologix, Arach, Mark.Shannon, eric.snow, Zhiping.Deng, Huzaifa.Sidhpurwala, Jim.Jewett, PaulMcMillan, fx5, skorgu |
2012-02-08 13:10:39 | lemburg | link | issue13703 messages |
2012-02-08 13:10:39 | lemburg | create | |
|