STINNER Victor <vstin...@python.org> added the comment:

"1.67 us +- 0.03 us: 1.78x faster" with a bytes string of 6k bytes sounds worth 
it to me.

When we talk about "security" here, we are talking about a denial of service 
attack on the dict worst case performance:
https://python-security.readthedocs.io/vuln/hash-dos.html

I know that it's not a popular opinion, but I don't think that this denial of 
service (DoS) is important. IMO there are enough other ways to crash a server. 
Moreover, the initial attack vector was an HTTP request with tons of header 
lines. In the meantime, the Python http module was modified to put arbitrary 
limits on the number of HTTP headers and the maximum length of a single HTTP 
header.

It's nice to limit the risk of a DoS, but I don't think that we should go too 
far. If it worked for Rust and Ruby, SipHash-1-3 should be good as well for 
Python.

I expect an even more interesting speedup with bytes strings longer than 6k bytes. 
And I'm quite sure that it's common that people manipulate long strings in 
Python :-)

I retarget this change to Python 3.11. Please don't backport it since it 
changes the Python build system (configure options).

----------
versions: +Python 3.11 -Python 3.7

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue29410>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
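
Added example, not part of the tracker comment or of CPython's own code: it counts key comparisons to show the dict worst case the comment refers to, reports which string hash the running build uses, and checks that `http.client` rejects oversized header blocks. The `Key` class, the helper names and the header counts are constructed for this illustration.

```python
import http.client
import io
import sys


class Key:
    """Dict key whose hash is chosen by the caller; counts __eq__ calls."""
    eq_calls = 0

    def __init__(self, ident, forced_hash):
        self.ident, self.forced_hash = ident, forced_hash

    def __hash__(self):
        return self.forced_hash

    def __eq__(self, other):
        Key.eq_calls += 1
        return self.ident == other.ident


def comparisons_to_build(n, collide):
    """Insert n distinct keys into a dict; return how many __eq__ calls it took."""
    Key.eq_calls = 0
    table = {}
    for i in range(n):
        table[Key(i, 0 if collide else i)] = None  # same hash for all, or spread
    return Key.eq_calls


def header_block_accepted(count, value_len=8):
    """Feed a constructed header block to http.client's parser; False if rejected."""
    lines = [b"X-Hdr-%d: %s\r\n" % (i, b"a" * value_len) for i in range(count)]
    try:
        http.client.parse_headers(io.BytesIO(b"".join(lines) + b"\r\n"))
        return True
    except http.client.HTTPException:  # also covers http.client.LineTooLong
        return False


if __name__ == "__main__":
    print("str/bytes hash:", sys.hash_info.algorithm,
          "| randomized:", bool(sys.flags.hash_randomization))
    n = 2000
    print("spread keys   :", comparisons_to_build(n, collide=False), "comparisons")
    print("colliding keys:", comparisons_to_build(n, collide=True), "comparisons")
    print("50 headers ok :", header_block_accepted(50))
    print("500 headers ok:", header_block_accepted(500))
    print("70k-byte value:", header_block_accepted(1, value_len=70_000))
```

The comparison count for colliding keys grows quadratically with `n`, which is the cost that a keyed hash such as SipHash keeps an outside party from triggering on demand, and the header limits bound `n` for the original HTTP vector regardless of the hash in use.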