Date: Fri, 10 Aug 2012 09:01:17 +1000
Subject: Re: save dictionary to a file without brackets.
From: Chris Angelico
To: python-list@python.org
Newsgroups: comp.lang.python

On Fri, Aug 10, 2012 at 8:39 AM, Tim Chase wrote:
> On 08/09/12 17:26, Dave Angel wrote:
>> On 08/09/2012 06:03 PM, Andrew Cooper wrote:
>> I'm glad you're wrong for CPython's dictionaries. The only time the
>> lookup would degenerate to O[n] would be if the hash table had only one
>> slot. CPython sensibly increases the hash table size when it becomes
>> too small for efficiency.
>>
>> Where have you seen dictionaries so poorly implemented?
>
> PHP?
>
> http://www.phpclasses.org/blog/post/171-PHP-Vulnerability-May-Halt-Millions-of-Servers.html

That's the same hash collision attack that I alluded to above, and it strikes *many* language implementations. Most released a patch fairly quickly and quietly (Pike, Lua, V8 (JavaScript/ECMAScript), PHP), but CPython dared not, on account of various applications depending on hash order (at least for tests).
It's not (for once) an indictment of PHP (maybe that should be an "inarrayment"?), it's a consequence of a hashing algorithm that favored simplicity over cryptographic qualities. (It feels weird to be defending PHP...)

ChrisA
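
Added illustration, not part of the original post: a toy chained hash table showing how keys that all collide under a simple unkeyed hash turn inserts into linear scans, while a keyed hash spreads the same keys out. `simple_hash`, `ChainedTable` and the key set are constructed for this example and do not reproduce any real language's hash function; keyed BLAKE2b stands in for a keyed hash such as SipHash.

```python
import hashlib
import itertools
import os

def simple_hash(key: str) -> int:
    """Toy unkeyed hash (sum of byte values): simple, but collisions are predictable."""
    return sum(key.encode())

def make_keyed_hash(secret: bytes):
    """Hash whose bucket choice depends on a secret the key supplier does not know."""
    def keyed_hash(key: str) -> int:
        digest = hashlib.blake2b(key.encode(), key=secret, digest_size=8).digest()
        return int.from_bytes(digest, "little")
    return keyed_hash

class ChainedTable:
    """Minimal separate-chaining table that counts key comparisons on insert."""
    def __init__(self, hash_fn, slots=1024):
        self.hash_fn = hash_fn
        self.buckets = [[] for _ in range(slots)]
        self.comparisons = 0

    def insert(self, key, value):
        bucket = self.buckets[self.hash_fn(key) % len(self.buckets)]
        for entry in bucket:          # every colliding key already stored costs one compare
            self.comparisons += 1
            if entry[0] == key:
                entry[1] = value
                return
        bucket.append([key, value])

    def longest_chain(self):
        return max(len(b) for b in self.buckets)

def measure(hash_fn, keys):
    """Insert all keys and return (total comparisons, longest bucket chain)."""
    table = ChainedTable(hash_fn)
    for k in keys:
        table.insert(k, None)
    return table.comparisons, table.longest_chain()

# Constructed input: the 720 permutations of "abcdef" all have the same byte sum.
COLLIDING_KEYS = ["".join(p) for p in itertools.permutations("abcdef")]

if __name__ == "__main__":
    print("unkeyed:", measure(simple_hash, COLLIDING_KEYS))
    print("keyed:  ", measure(make_keyed_hash(os.urandom(16)), COLLIDING_KEYS))
```

With the unkeyed hash every key lands in one bucket, so total work grows quadratically with the number of keys; with the keyed hash the chains stay short because the collisions cannot be chosen in advance.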