This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author ncoghlan
Recipients barry, christian.heimes, emilyemorehouse, eric.snow, ncoghlan, vstinner
Date 2018-06-24.03:21:07
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1529810468.11.0.56676864532.issue33919@psf.upfronthosting.co.za>
In-reply-to
Content 
Back on the original hash seed topic:

1. The exact size of the seed ranges from 128 bits (SIPHash) to 32-bits depending on exactly which hash algorithm you're talking about (https://www.python.org/dev/peps/pep-0456/#hash-secret)

2. While PEP 456 doesn't state it explicitly, my recollection is that omitting the exact hash seed value from the Python level API was a deliberate decision, since one of the *purposes* of PEP 456 was to protect against seed recovery attacks like https://131002.net/siphash/poc.py. Being able to read the seed directly from the sys modules would rather simplify the task of seed recovery :)

Only exposing a `forced_hash_seed` (and hiding randomly generated ones as `forced_hash_seed=None`) seems reasonable though, since those can already be read from os.environ anyway.
History
Date User Action Args
2018-06-24 03:21:08ncoghlansetrecipients: + ncoghlan, barry, vstinner, christian.heimes, eric.snow, emilyemorehouse
2018-06-24 03:21:08ncoghlansetmessageid: <1529810468.11.0.56676864532.issue33919@psf.upfronthosting.co.za>
2018-06-24 03:21:08ncoghlanlinkissue33919 messages
2018-06-24 03:21:07ncoghlancreate