This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author christian.heimes
Recipients Arfrever, PaulMcMillan, Vlado.Boza, alex, arigo, benjamin.peterson, camara, christian.heimes, dmalcolm, koniiiik, lemburg, serhiy.storchaka, vstinner
Date 2012-11-06.15:54:13
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1352217254.03.0.205730212988.issue14621@psf.upfronthosting.co.za>
In-reply-to
Content 
Our hash randomization will always leak some information about the randomization keys. The only way to properly secure our secrets is a cryptographic secure algorithms, for example a crypto hashing function in combination with a message authentication code like HMAC. I don't have to explain how that is going to hurt performance ...

We can try to make it harder to guess the secret parts with a slightly modified algorithm like e.g. V8's hash but that's never going to be 100% secure. But might be secure enough to make an attack too hard.
History
Date User Action Args
2012-11-06 15:54:14christian.heimessetrecipients: + christian.heimes, lemburg, arigo, vstinner, benjamin.peterson, Arfrever, alex, dmalcolm, PaulMcMillan, serhiy.storchaka, Vlado.Boza, koniiiik, camara
2012-11-06 15:54:14christian.heimessetmessageid: <1352217254.03.0.205730212988.issue14621@psf.upfronthosting.co.za>
2012-11-06 15:54:14christian.heimeslinkissue14621 messages
2012-11-06 15:54:13christian.heimescreate