Message178808
Il giorno 02/gen/2013, alle ore 00:20, Domen Kožar <report@bugs.python.org> ha scritto:
>
> Domen Kožar added the comment:
>
> According to talk at 29c3: http://events.ccc.de/congress/2012/Fahrplan/events/5152.en.html
>
> Quote: We also describe a vulnerability of Python's new randomized hash, allowing an attacker to easily recover the 128-bit secret seed. As a reliable fix to hash-flooding, we introduce SipHash, a family of cryptographically strong keyed hash function competitive in performance with the weak hashes, and already adopted in OpenDNS, Perl 5, Ruby, and in the Rust language.
That is exactly the vulnerability that was previously mentioned in the context of this bug. SipHash is currently the only solution for a collision-resistant fast-enough hash.
--
Giovanni Bajo |
|
Date |
User |
Action |
Args |
2013-01-02 10:02:31 | Giovanni.Bajo | set | recipients:
+ Giovanni.Bajo, lemburg, arigo, gregory.p.smith, mark.dickinson, ncoghlan, vstinner, christian.heimes, benjamin.peterson, iElectric, Arfrever, alex, cvrebert, dmalcolm, PaulMcMillan, serhiy.storchaka, Vlado.Boza, koniiiik, sbermeister, camara, Łukasz.Rekucki, ReneSac, Bob.Ziuchkovski |
2013-01-02 10:02:31 | Giovanni.Bajo | link | issue14621 messages |
2013-01-02 10:02:30 | Giovanni.Bajo | create | |
|