Message320347
Back on the original hash seed topic:
1. The exact size of the seed ranges from 128 bits (SIPHash) to 32-bits depending on exactly which hash algorithm you're talking about (https://www.python.org/dev/peps/pep-0456/#hash-secret)
2. While PEP 456 doesn't state it explicitly, my recollection is that omitting the exact hash seed value from the Python level API was a deliberate decision, since one of the *purposes* of PEP 456 was to protect against seed recovery attacks like https://131002.net/siphash/poc.py. Being able to read the seed directly from the sys modules would rather simplify the task of seed recovery :)
Only exposing a `forced_hash_seed` (and hiding randomly generated ones as `forced_hash_seed=None`) seems reasonable though, since those can already be read from os.environ anyway. |
|
Date |
User |
Action |
Args |
2018-06-24 03:21:08 | ncoghlan | set | recipients:
+ ncoghlan, barry, vstinner, christian.heimes, eric.snow, emilyemorehouse |
2018-06-24 03:21:08 | ncoghlan | set | messageid: <1529810468.11.0.56676864532.issue33919@psf.upfronthosting.co.za> |
2018-06-24 03:21:08 | ncoghlan | link | issue33919 messages |
2018-06-24 03:21:07 | ncoghlan | create | |
|