STINNER Victor <victor.stin...@haypocalc.com> added the comment: Christian Heimes proposes the following change in its randomhash branch (see issue #13704):
- x = (Py_uhash_t) *p << 7; + x = Py_RndHashSeed + ((Py_uhash_t) *p << 7); for (i = 0; i < len; i++) x = (1000003U * x) ^ (Py_uhash_t) *p++; x ^= (Py_uhash_t) len; This change doesn't add any security if the attacker can inject any string and retreive the hash value. You can retreive directly Py_RndHashSeed using: Py_RndHashSeed = intmask((hash("a") ^ len("a") ^ ord("a")) * DIVIDE) - (ord("a") << 7) where intmask() truncates to a long (x mod 2^(long bits)) and DIVIDE = 1/1000003 mod 2^(long bits). For example, DIVIDE=2021759595 for 32 bits long. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue13703> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com