2012/1/27 Serhiy Storchaka <storch...@gmail.com>: > As already mentioned, the vulnerability of 64-bit Python rather theoretical > and not practical. The size of the hash makes the attack is extremely > unlikely. Perhaps the easiest change, avoid 32-bit Python on the > vulnerability, will use 64-bit (or more) hash on all platforms. The > performance is comparable to the randomization. Keys order depended code will > be braked not stronger than when you change the platform or Python feature > version. Maybe all the 64 bits used only for strings, and for other objects > -- only the lower 32 bits.
A tempting idea, but binary incompatible. -- Regards, Benjamin _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
