On Thu, Oct 3, 2013 at 12:23 PM, Christian Heimes <christ...@python.org> wrote:

> Am 03.10.2013 21:05, schrieb Guido van Rossum:
> > Hm. I would like to stick to the philosophy that Python's hash
> > should be as fast as it possibly can be, and should not be mistaken
> > for a cryptographic hash. The point is to optimize dict lookups,
> > nothing more, given typical (or even atypical) key distribution,
> > not to thwart deliberate attacks. We already have adopted a feature
> > that plugged most viable attacks on web apps, I think that's
> > enough. I also agree with Antoine's response.
>
> Python's hash is neither as fast nor as secure as it can possibly be.
>

But fixing that shouldn't need all the extra stuff you're proposing.

> It's not as fast because it doesn't use the full power of modern CPUs.
> In most cases the code processes only 1 or 2 bytes per cycle instead
> of 8 bytes on 64-bit architectures. Jean-Philippe Aumasson and Daniel
> J. Bernstein (who are coincidentally the authors of SipHash) have
> shown how to recover Python randomization keys.
>

What's a Python randomization key?

> SipHash:
>   more secure and about same speed on most systems
>

Same speed as what?

> optimized FNV:
>   faster but with a known issue
>

What issue?

-- 
--Guido van Rossum (python.org/~guido)