Author epicfaace
Recipients belopolsky, benjamin.peterson, christian.heimes, dmalcolm, epicfaace, lemburg, mark.dickinson, rhettinger, serhiy.storchaka
Date 2019-08-15.21:19:35
Message-id <1565903976.02.0.407911479563.issue29535@roundup.psfhosted.org>
Content
> Making the numeric hash non-predictable while maintaining its current properties would be difficult.

Why so?

> In fact, I think it's reasonable to assume that there are no websites vulnerable to a DOS via *numeric* hash collisions until we see evidence otherwise. I'd expect that there are *way* more places where a dict is being constructed with string keys in this way than with numeric keys.

That's true, but why do we restrict ourselves to websites? This is how I see it: As a Python developer, it seems like my program is immune to hash collision DoS if I use strings/bytes as dictionary keys, but *not* if my keys, say, are tuples of strings. Why not make the hash non-predictable for all builtin types by default?
History
Date User Action Args
2019-08-15 21:19:36 epicfaace set recipients: + epicfaace, lemburg, rhettinger, mark.dickinson, belopolsky, christian.heimes, benjamin.peterson, dmalcolm, serhiy.storchaka
2019-08-15 21:19:36 epicfaace set messageid: <1565903976.02.0.407911479563.issue29535@roundup.psfhosted.org>
2019-08-15 21:19:36 epicfaace link issue29535 messages
2019-08-15 21:19:35 epicfaace create
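
Added example, not part of the tracker message or of CPython's own code: a check of which built-in key types have hashes that change with `PYTHONHASHSEED`, computed in fresh interpreters. The sample keys and the function names are constructed for illustration.

```python
import json
import os
import subprocess
import sys

# Constructed sample keys, one per built-in key type discussed in the thread.
SAMPLES = {
    "int": 12345,
    "float": 1.5,
    "tuple_of_ints": (1, 2, 3),
    "str": "key",
    "bytes": b"key",
    "tuple_of_strs": ("a", "b"),
}


def hashes_under_seed(seed):
    """Return {label: hash(value)} from a fresh interpreter run with PYTHONHASHSEED=seed."""
    # repr(SAMPLES) is a valid Python literal, so the child rebuilds the same keys.
    program = (
        "import json\n"
        f"samples = {SAMPLES!r}\n"
        "print(json.dumps({k: hash(v) for k, v in samples.items()}))\n"
    )
    env = dict(os.environ, PYTHONHASHSEED=str(seed))
    result = subprocess.run(
        [sys.executable, "-c", program],
        env=env, capture_output=True, text=True, check=True,
    )
    return json.loads(result.stdout)


def seed_dependent(seeds=(1, 2, 3)):
    """Map each label to True if its hash differs between any two of the seeds."""
    # Seed 0 is avoided on purpose: it disables hash randomization entirely.
    runs = [hashes_under_seed(seed) for seed in seeds]
    return {label: len({run[label] for run in runs}) > 1 for label in SAMPLES}


if __name__ == "__main__":
    for label, varies in seed_dependent().items():
        print(f"{label:14} {'seed-dependent' if varies else 'fixed across seeds'}")
```
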