STINNER Victor <victor.stin...@haypocalc.com> added the comment:

> Note that the collision counting demo patch is trivial - I just
> wanted to demonstrate how it works. As already mentioned, there's
> room for improvement:
>
> If Python objects were to provide an additional
> method for calculating a universal hash value (based on an
> integer input parameter), the dictionary in question could
> use this to rehash itself and avoid the attack. Think of this
> as "randomization when needed".

Yes, the solution can be improved, but maybe not in stable versions
(the patch for stable versions should be short and simple).

If the hash output depends on an argument, the result cannot be
cached. So I suppose that dictionary lookups become slower when the
dictionary switches to the randomized mode. It would require adding an
optional argument to hash functions, or adding a new function to some (or
all?) builtin types.

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue13703>
_______________________________________
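
The trade-off discussed in this message, as an added example that is not part of the original comment or of any patch on the issue: a toy table that counts collisions and switches to a parameterized hash only when a chain grows too long, after which the cached hash values can no longer be used. `CountingDict`, `weak_hash`, `seeded_hash` and the `limit` threshold are hypothetical names, and keyed BLAKE2b stands in for the "universal hash" here, not CPython's algorithm.

```python
import hashlib, itertools, os

def weak_hash(key):            # stand-in for a cacheable, unseeded hash: anagrams collide
    return sum(key)

def seeded_hash(key, seed):    # stand-in for a hash that takes an extra parameter
    digest = hashlib.blake2b(key, key=seed, digest_size=8).digest()
    return int.from_bytes(digest, "little")

class CountingDict:
    """Toy chained table: counts collisions, reseeds itself only when needed."""
    def __init__(self, nbuckets=64, limit=8):
        self.nbuckets, self.limit = nbuckets, limit
        self.seed = None        # None = normal mode
        self.cache = {}         # models the hash value cached on each key object
        self.hash_calls = 0     # hash computations actually performed
        self.buckets = [[] for _ in range(nbuckets)]
    def _index(self, key):
        if self.seed is not None:           # randomized mode: cache is unusable
            self.hash_calls += 1
            return seeded_hash(key, self.seed) % self.nbuckets
        if key not in self.cache:           # normal mode: compute once per key
            self.hash_calls += 1
            self.cache[key] = weak_hash(key)
        return self.cache[key] % self.nbuckets
    def __setitem__(self, key, value):
        chain = self.buckets[self._index(key)]
        for entry in chain:
            if entry[0] == key:
                entry[1] = value
                return
        chain.append([key, value])
        if self.seed is None and len(chain) > self.limit:
            self._randomize()               # too many collisions: switch modes
    def __getitem__(self, key):
        for k, v in self.buckets[self._index(key)]:
            if k == key:
                return v
        raise KeyError(key)
    def _randomize(self):
        self.seed = os.urandom(16)          # per-dictionary secret, chosen on demand
        old, self.buckets = self.buckets, [[] for _ in range(self.nbuckets)]
        for k, v in (e for chain in old for e in chain):
            self.buckets[self._index(k)].append([k, v])
    def longest_chain(self):
        return max(len(c) for c in self.buckets)

# Constructed sample input: 40 anagrams, which all collide under weak_hash.
SAMPLE_KEYS = [bytes(p) for p in itertools.permutations(b"abcde")][:40]
```
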