This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author Giovanni.Bajo
Recipients Arfrever, Bob.Ziuchkovski, Giovanni.Bajo, PaulMcMillan, ReneSac, Vlado.Boza, alex, arigo, benjamin.peterson, camara, christian.heimes, cvrebert, dmalcolm, gregory.p.smith, iElectric, koniiiik, lemburg, mark.dickinson, ncoghlan, sbermeister, serhiy.storchaka, vstinner, Łukasz.Rekucki
Date 2013-01-02.10:02:30
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <0505B8CD-224D-4955-88C1-E298784562D6@gmail.com>
In-reply-to <1357082426.45.0.877992378426.issue14621@psf.upfronthosting.co.za>
Content 
Il giorno 02/gen/2013, alle ore 00:20, Domen Kožar <report@bugs.python.org> ha scritto:

> 
> Domen Kožar added the comment:
> 
> According to talk at 29c3: http://events.ccc.de/congress/2012/Fahrplan/events/5152.en.html
> 
> Quote: We also describe a vulnerability of Python's new randomized hash, allowing an attacker to easily recover the 128-bit secret seed. As a reliable fix to hash-flooding, we introduce SipHash, a family of cryptographically strong keyed hash function competitive in performance with the weak hashes, and already adopted in OpenDNS, Perl 5, Ruby, and in the Rust language.

That is exactly the vulnerability that was previously mentioned in the context of this bug. SipHash is currently the only solution for a collision-resistant fast-enough hash. 
-- 
Giovanni Bajo
History
Date User Action Args
2013-01-02 10:02:31Giovanni.Bajosetrecipients: + Giovanni.Bajo, lemburg, arigo, gregory.p.smith, mark.dickinson, ncoghlan, vstinner, christian.heimes, benjamin.peterson, iElectric, Arfrever, alex, cvrebert, dmalcolm, PaulMcMillan, serhiy.storchaka, Vlado.Boza, koniiiik, sbermeister, camara, Łukasz.Rekucki, ReneSac, Bob.Ziuchkovski
2013-01-02 10:02:31Giovanni.Bajolinkissue14621 messages
2013-01-02 10:02:30Giovanni.Bajocreate