Marc-Andre Lemburg <m...@egenix.com> added the comment: Dave Malcolm wrote: > > If anyone is aware of an attack via numeric hashing that's actually > possible, please let me know (privately). I believe only specific apps > could be affected, and I'm not aware of any such specific apps.
I'm not sure what you'd like to see. Any application reading user provided data from a file, database, web, etc. is vulnerable to the attack, if it uses the read numeric data as keys in a dictionary. The most common use case for this is a dictionary mapping codes or IDs to strings or objects, e.g. for caching purposes, to find a list of unique IDs, checking for duplicates, etc. This also works indirectly on 32-bit platforms, e.g. via date/time or IP address values that get converted to key integers. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue13703> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
