On Fri, Jan 20, 2012 at 03:48, Guido van Rossum <gu...@python.org> wrote:
> I think that's because your collision-counting algorithm was much more
> primitive than MAL's.

Conceded.

>> This,
>> combined with the second problem (needing to catch an exception), led
>> me to abandon this approach and write Securetypes, which has a
>> securedict that uses SHA-1. Not that I like this either; I think I'm
>> happy with the randomize-hash() approach.
>
>
> Why did you need to catch the exception? Were you not happy with the program
> simply terminating with a traceback when it got attacked?

No, I wasn't happy with termination. I wanted to treat it just like a
JSON decoding error, and send the appropriate response.

I actually forgot to mention the main reason I abandoned the
stop-at-N-collisions approach. I had a server with a dict that stayed
in memory, across many requests. It was being populated with
identifiers chosen by clients. I couldn't have my server stay broken
if this dict filled up with a bunch of colliding keys. (I don't think
I could have done another thing either, like nuke the dict or evict
some keys.)

Ivan
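The failure mode described in the message above, as an added example that is not part of the original post and is not code from Securetypes or CPython: a long-lived table with a stop-at-N-collisions limit keeps rejecting later identifiers once one chain is full, while a per-process keyed hash spreads the same identifiers out. Assumptions: `CappedTable`, `weak_hash`, `keyed_hash` and `simulate` are hypothetical names, the unkeyed hash is a toy in which anagrams collide, keyed BLAKE2 stands in for hash randomization, and all identifiers are constructed sample data.

```python
import hashlib
import os
from itertools import permutations

class TooManyCollisions(Exception):
    """Raised when a bucket already holds `limit` keys."""

class CappedTable:
    """Toy chained hash table that refuses inserts into a full bucket."""
    def __init__(self, hash_fn, nbuckets=1024, limit=4):
        self.hash_fn, self.limit = hash_fn, limit
        self.buckets = [[] for _ in range(nbuckets)]

    def add(self, key):
        bucket = self.buckets[self.hash_fn(key) % len(self.buckets)]
        if key in bucket:
            return
        if len(bucket) >= self.limit:
            raise TooManyCollisions(key)
        bucket.append(key)

def weak_hash(key):
    # Toy unkeyed hash (assumption): byte sum, so all anagrams collide.
    return sum(key.encode())

def keyed_hash(secret):
    # Keyed hash: bucket choice depends on a secret clients do not know.
    def h(key):
        d = hashlib.blake2b(key.encode(), key=secret, digest_size=8).digest()
        return int.from_bytes(d, "big")
    return h

def simulate(hash_fn):
    """Feed client-chosen ids into one long-lived table; return the rejects."""
    table = CappedTable(hash_fn)
    hostile = ["".join(p) for p in permutations("abcd")][:6]  # constructed
    later = ["dcba", "user-1001", "user-1002"]  # later, unrelated requests
    rejected = []
    for ident in hostile + later:
        try:
            table.add(ident)
        except TooManyCollisions:
            rejected.append(ident)  # answered like a JSON decoding error
    return rejected

if __name__ == "__main__":
    print("unkeyed:", simulate(weak_hash))
    print("keyed:  ", simulate(keyed_hash(os.urandom(16))))
```

With the unkeyed hash the chain stays full for the life of the process, so the later identifier "dcba" is rejected even though it arrives in a separate request.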