Caveat: I'm coming to this discussion late. But I think that when there are no good choices, the trump card is security. And the algorithmic complexity attack is just that - an *attack*. Security vunlerabilities cannot be allowed to stand, even if the consequences are painful.
I say: Seed those hashes.
Feel free to hash the issue (I'm sorry, I'm freshly out of good puns, too tired) while I'm away. Since we got started on the RCs, we might as well release a few of them...
If Stas gets mod_perl and the randomised hashes to coexist, we can flip RC3 back to the randomise-by-default.
I'm working on it. It's a bit hard to do it during the conference, but it's coming to an end now. Will keep you posted.
__________________________________________________________________ Stas Bekman JAm_pH ------> Just Another mod_perl Hacker http://stason.org/ mod_perl Guide ---> http://perl.apache.org mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com http://modperlbook.org http://apache.org http://ticketmaster.com