Message349828
> Making the numeric hash non-predictable while maintaining its current properties would be difficult.
Why so?
> In fact, I think it's reasonable to assume that there are no websites vulnerable to a DOS via *numeric* hash collisions until we see evidence otherwise. I'd expect that there are *way* more places where a dict is being constructed with string keys in this way than with numeric keys.
That's true, but why do we restrict ourselves to websites? This is how I see it: As a Python developer, it seems like my program is immune to hash collision DoS if I use strings/bytes as dictionary keys, but *not* if my keys, say, are tuples of strings. Why not make the hash non-predictable for all builtin types by default? |
|
Date |
User |
Action |
Args |
2019-08-15 21:19:36 | epicfaace | set | recipients:
+ epicfaace, lemburg, rhettinger, mark.dickinson, belopolsky, christian.heimes, benjamin.peterson, dmalcolm, serhiy.storchaka |
2019-08-15 21:19:36 | epicfaace | set | messageid: <1565903976.02.0.407911479563.issue29535@roundup.psfhosted.org> |
2019-08-15 21:19:36 | epicfaace | link | issue29535 messages |
2019-08-15 21:19:35 | epicfaace | create | |
|