On Tue, Feb 21, 2012 at 15:58, Xavier Morel <python-...@masklinn.net> wrote:
> On 2012-02-21, at 21:24 , Brett Cannon wrote: > > On Tue, Feb 21, 2012 at 15:05, Barry Warsaw <ba...@python.org> wrote: > > > >> On Feb 21, 2012, at 02:58 PM, Benjamin Peterson wrote: > >> > >>> 2012/2/21 Antoine Pitrou <solip...@pitrou.net>: > >>>> > >>>> Hello, > >>>> > >>>> Shouldn't it be enabled by default in 3.3? > >> > >> Yes. > >> > >>> Should you be able to disable it? > >> > >> No, but you should be able to provide a seed. > > > > I think that's inviting trouble if you can provide the seed. It leads to > a > > false sense of security in that providing some seed secures them instead > of > > just making it a tad harder for the attack. > > I might have misunderstood something, but wouldn't providing a seed always > make it *easier* for the attacker, compared to a randomized hash? > Yes, that was what I was trying to convey.
_______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
