[issue32175] Add hash auto-randomization

2017-12-04 Thread STINNER Victor

STINNER Victor  added the comment:

By the way, for a few other reasons, Python 3 is more secure than Python 2.7.
If you care about security, please upgrade!

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue32175] Add hash auto-randomization

2017-12-04 Thread Raymond Hettinger

Raymond Hettinger  added the comment:

Marking as closed for the reasons listed by the other respondents.

--
resolution:  -> rejected
stage:  -> resolved
status: open -> closed




[issue32175] Add hash auto-randomization

2017-12-04 Thread Antoine Pitrou

Antoine Pitrou  added the comment:

Agreed this is not desirable at this point.  Let's leave 2.7 like it is.

--
nosy: +pitrou




[issue32175] Add hash auto-randomization

2017-11-30 Thread STINNER Victor

STINNER Victor  added the comment:

It was decided to leave the hash randomization disabled by default for backward 
compatibility. It's a deliberate choice.

I don't think that we need to go further for Python 2.7. I never considered 
this denial of service attack as major, there are many other ways to trigger a 
DoS, and fixing the dict type is not the right way to prevent this class of 
attacks.

HTTP clients and frameworks like http.client and Django implemented other 
countermeasures like limiting the number of HTTP headers.

The problem was correctly fixed in Python 3: randomization enabled by default 
since Python 3.3, and Python 3.4 now uses SipHash which better hides the hash 
secret.

More info at:
* http://python-security.readthedocs.io/vuln/cve-2012-1150_hash_dos.html
* http://python-security.readthedocs.io/vuln/cve-2013-7040_hash_not_properly_randomized.html

--




[issue32175] Add hash auto-randomization

2017-11-30 Thread Christian Heimes

Christian Heimes  added the comment:

Raymond, dicts are your area of expertise.

I'm -0 on the patch. The check is going to slow down dicts and it's really easy 
to enable randomization with an env var or command line argument.

--
assignee:  -> rhettinger
nosy: +christian.heimes, rhettinger, vstinner




[issue32175] Add hash auto-randomization

2017-11-29 Thread Brian Jarvis

New submission from Brian Jarvis :

Hash auto-randomization is a mechanism to detect when a collision attack is 
underway and switch to a randomized keying scheme at that point.

This patch is for the 2.7 branch, where hash randomization is not on by default.

Using collided strings from 
https://github.com/Storyyeller/fnv-collider/tree/master/collided_strings, 10 
"attacks" of roughly 50,000 collided strings were launched against this. The 
unmodified Python had a median insert time of roughly 4.32 seconds and a median 
retrieve time of roughly 4.40 seconds. With the auto-randomized version of 
Python, the median insert time was roughly 3.99 seconds and median retrieve 
time was roughly 3.57 seconds. This is a 7.7% and 18.9% savings, respectively.

--
files: auto_rand_2.7.patch
keywords: patch
messages: 307278
nosy: bjarvis
priority: normal
severity: normal
status: open
title: Add hash auto-randomization
type: enhancement
versions: Python 2.7
Added file: https://bugs.python.org/file47305/auto_rand_2.7.patch

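The detect-and-re-key mechanism the submission describes, as an added illustration (not the auto_rand_2.7.patch itself, which is not reproduced on this page): a toy chained hash table over a seeded FNV-1a that starts unkeyed and switches to a random seed once a bucket chain exceeds a threshold. The hash, the threshold, the table size, the class and function names, and the brute-forced colliding keys (a constructed test load against this toy hash only) are all assumptions of this example.

```python
import random

def fnv1a_seeded(data, seed=0):
    # 64-bit FNV-1a with the seed folded into the offset basis (toy keyed hash, not SipHash)
    h = (0xcbf29ce484222325 ^ seed) & 0xFFFFFFFFFFFFFFFF
    for b in data:
        h = ((h ^ b) * 0x100000001b3) & 0xFFFFFFFFFFFFFFFF
    return h

class AutoRandomDict:
    # Chained table: unkeyed at first (seed 0, like 2.7 without -R); re-keys itself
    # with a random seed once any bucket chain grows past MAX_CHAIN (assumed threshold)
    MAX_CHAIN = 8

    def __init__(self, nbuckets=2048, rng=None):
        self.nbuckets, self.seed, self.rekeys = nbuckets, 0, 0
        self.rng = rng or random.Random(1234)  # fixed RNG keeps the demo repeatable
        self.buckets = [[] for _ in range(nbuckets)]
    def _index(self, key):
        return fnv1a_seeded(key.encode(), self.seed) % self.nbuckets
    def _rekey(self):
        # Flood detected: switch to a random key and rebuild every chain under it
        self.seed, self.rekeys = self.rng.getrandbits(64) or 1, self.rekeys + 1
        old = [pair for chain in self.buckets for pair in chain]
        self.buckets = [[] for _ in range(self.nbuckets)]
        for k, v in old:
            self.buckets[self._index(k)].append((k, v))
    def __setitem__(self, key, value):  # distinct keys only; no update path
        chain = self.buckets[self._index(key)]
        chain.append((key, value))
        if len(chain) > self.MAX_CHAIN:  # the per-insert check the patch adds
            self._rekey()
    def __getitem__(self, key):
        # linear scan of the chain; raises KeyError when the key is absent
        return dict(self.buckets[self._index(key)])[key]

def colliding_keys(n, nbuckets=2048):
    # Constructed test load: n distinct keys sharing k0's bucket under the unkeyed toy hash
    target, keys, i = fnv1a_seeded(b"k0") % nbuckets, [], 0
    while len(keys) < n:
        if fnv1a_seeded(b"k%d" % i) % nbuckets == target:
            keys.append("k%d" % i)
        i += 1
    return keys

def flood_and_measure(n=32):
    # Returns (re-keys triggered, longest chain after the flood, lookup still correct)
    d = AutoRandomDict()
    for k in colliding_keys(n):
        d[k] = len(k)
    return d.rekeys, max(len(c) for c in d.buckets), d["k0"] == 2
```

The cost Christian points to is the `len(chain) > MAX_CHAIN` comparison paid on every insert; in 2.7 the `-R` flag or `PYTHONHASHSEED=random` gives the randomization from the start without that check.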