Path: csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!feeder.erje.net!eu.feeder.erje.net!newsfeed.xs4all.nl!newsfeed1.news.xs4all.nl!xs4all!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail
Return-Path: <rosuav@gmail.com>
X-Original-To: python-list@python.org
Delivered-To: python-list@mail.python.org
X-Spam-Status: OK 0.008
X-Spam-Evidence: '*H*': 0.98; '*S*': 0.00; 'subject:error': 0.03; 'subject:not': 0.03; 'model,': 0.05; '"if': 0.09; 'bits': 0.09; 'used.': 0.09; 'cc:addr:python-list': 0.11; 'from:addr:rosuav': 0.16; 'from:name:chris angelico': 0.16; 'happily': 0.16; 'hashed': 0.16; 'https': 0.16; 'least)': 0.16; 'md5': 0.16; 'mercurial,': 0.16; 'password,': 0.16; 'reedy': 0.16; 'subject:key': 0.16; 'subject:when': 0.16; 'sat,': 0.16; 'wrote:': 0.18; 'bit': 0.19; 'basically': 0.19; 'aug': 0.22; 'cc:addr:python.org': 0.22; 'closely': 0.24; '(or': 0.24; 'cc:2**0': 0.24; 'header:In-Reply- To:1': 0.27; 'idea': 0.28; 'am,': 0.29; "doesn't": 0.30; 'involving': 0.30; 'said,': 0.30; 'message-id:@mail.gmail.com': 0.30; 'probability': 0.31; 'says': 0.33; 'actual': 0.34; 'more,': 0.35; 'but': 0.35; 'received:google.com': 0.35; 'really': 0.36; 'false': 0.36; 'passwords': 0.36; 'files': 0.38; 'that,': 0.38; 'expect': 0.39; 'bad': 0.39; 'though,': 0.39; 'algorithms': 0.60; 'more': 0.64; 'different': 0.65; '(that': 0.65; 'situation': 0.65; 'approaches': 0.68; 'internet': 0.71; 'carefully': 0.74; '(any': 0.84; '160': 0.84; 'collision': 0.84; 'drive.': 0.84; 'malicious': 0.84; 'quicker': 0.84; 'passwords,': 0.91; 'to:none': 0.92
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:cc :content-type; bh=sDubE79M+hMo5NFNnWc4lZsLHZcF3MnRv8JPXU3xLsU=; b=sQzm82mBtL+S6CAHH7FFnGh+huGRHwueeGe2ynxosnB8FVzsW4Evv/J0Bv32dQbOfX 1fvRI2zv1tcF07Ttm8U5Us5QlnGo/cp37uLNTK64Kx0biRrKhbxiA2ZH5Q6a/IgNPEK2 FUHKokl+lgJxy79+/zQ3shDsXRWseGKUlDuEZ+PIEleuwDOoSBIktx8MWAIcyjUkVHAb ndF4f+VZQrFMuS8iQ5xLYnXcGJjCDAmL739ZthpViMldOvMBCjKP1LzwdLt0c7rj5Jy+ 47XlcUCQKoA4FhKN4ZLKVQk6fnNzVwgaE3KroPsHHJ+YNMCYqswdi9kFg5ib9S1xaDsj ywUw==
MIME-Version: 1.0
X-Received: by 10.50.30.72 with SMTP id q8mr12976759igh.14.1406937422778; Fri, 01 Aug 2014 16:57:02 -0700 (PDT)
In-Reply-To: <lrh1jr$u65$1@ger.gmane.org>
References: <CAFBK5a-hjukHaHOim4tL_RerXiHsFP03eaQoN42yGfeCJ9NZPg@mail.gmail.com> <CAGGBd_riruS0nRM9+o+1dz=jVZgYOo09qX97P+LWK5Nu6HTYRw@mail.gmail.com> <mailman.12501.1406862741.18130.python-list@python.org> <53db11c1$0$29986$c3e8da3$5496439d@news.astraweb.com> <mailman.12503.1406866676.18130.python-list@python.org> <53db96bc$0$29986$c3e8da3$5496439d@news.astraweb.com> <mailman.12512.1406901485.18130.python-list@python.org> <87vbqcnrrh.fsf@elektro.pacujo.net> <lrh1jr$u65$1@ger.gmane.org>
Date: Sat, 2 Aug 2014 09:57:02 +1000
Subject: Re: Dict when defining not returning multi value key error
From: Chris Angelico <rosuav@gmail.com>
Cc: "python-list@python.org" <python-list@python.org>
Content-Type: text/plain; charset=UTF-8
X-BeenThere: python-list@python.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe: <https://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive: <http://mail.python.org/pipermail/python-list/>
List-Post: <mailto:python-list@python.org>
List-Help: <mailto:python-list-request@python.org?subject=help>
List-Subscribe: <https://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups: comp.lang.python
Message-ID: <mailman.12529.1406937431.18130.python-list@python.org>
Lines: 20
NNTP-Posting-Host: 2001:888:2000:d::a6
X-Trace: 1406937431 news.xs4all.nl 2839 [2001:888:2000:d::a6]:54539
X-Complaints-To: abuse@xs4all.nl
Xref: csiph.com comp.lang.python:75507

On Sat, Aug 2, 2014 at 7:42 AM, Terry Reedy <tjreedy@udel.edu> wrote:
> For mercurial, with no treat model, a 160 bit hash is used. Internet
> applications need more bits and carefully vetted algorithms to hopefully
> make the actual principle true.

Ditto git, which also has no threat model. I don't know of any
situation in HTTPS that has this, but the classic concept of hashed
passwords (quite independent of HTTPS) basically says "if I take an
arbitrary/random salt and combine it with your password, and hash
that, then the probability of a hash collision involving the same salt
and a different password approaches 0". And any time "approaches 0" is
provably false (or doesn't approach 0 closely enough), you have weak
passwords, which is why it's a really bad idea to use MD5 passwording.
Ergo MD5 is not (any more, at least) a "carefully vetted algorithm".
(That said, though, I will happily use md5sum across a huge pile of
files to find duplicates. It's a lot quicker than sha*sum, and I don't
have reason to expect malicious hash collisions on my own hard drive.
Plus, I can always just check some other way.)

ChrisA