[issue32175] Add hash auto-randomization

STINNER Victor added the comment: By the way, for a few other reasons, Python 3 is more secure than Python 2.7. If you care of security, please upgrade! -- ___ Python tracker

[issue32175] Add hash auto-randomization

Raymond Hettinger added the comment: Marking as closed for the reasons listed by the other respondents. -- resolution: -> rejected stage: -> resolved status: open -> closed ___ Python tracker

[issue32175] Add hash auto-randomization

Antoine Pitrou added the comment: Agreed this is not desirable at this point. Let's leave 2.7 like it is. -- nosy: +pitrou ___ Python tracker

[issue32175] Add hash auto-randomization

STINNER Victor added the comment: It was decided to leave the hash randomization disabled by default for backward compatibility. It's a deliberate choice. I don't think that we need to go further for Python 2.7. I never considered this denial of service attach as

[issue32175] Add hash auto-randomization

Christian Heimes added the comment: Raymond, dicts are your area of expertise. I'm -0 on the patch. The check is going to slow down dicts and it's really easy to enable randomization with an env var or command line argument. -- assignee: -> rhettinger nosy:

[issue32175] Add hash auto-randomization

New submission from Brian Jarvis : Hash auto-randomization is a mechanism to detect when a collision attack is underway and switch to a randomized keying scheme at that point. This patch is for the 2.7 branch, where hash randomization is not on by default. Using