From: Chris Angelico
To: python-list@python.org
Newsgroups: comp.lang.python
Date: Sun, 15 Jan 2012 23:21:24 +1100
Subject: Re: Hash stability

On Sun, Jan 15, 2012 at 11:03 PM, Bryan wrote:
> Chris Angelico wrote:
>> Suggestion: Create a subclass of dict, the SecureDict or something,
>> ... there's no point adding extra load to every
>> name lookup just because of a security issue in an extremely narrow
>> situation.
>
> That seemingly "extremely narrow situation" turns out to be wide as
> Montana. Maybe Siberia. Does your program take input? Does it accept a
> format that could possibly be downloaded from a malicious site on the
> Internet? Does your market include users who occasionally make
> mistakes? If not, enjoy your utter irrelevance. If so,
> congratulations: you write Internet software.

Yes, but in that "Internet software", there will only be a small number of dictionaries that an attacker can stuff with keys (GET/POST data, headers, cookies, etc, and anything derived therefrom); compare the huge number of dictionaries that exist elsewhere in your Python program. Adding load to dictionaries will add load to a huge number of lookups that can never come under attack.

However, since posting that I've read the entire thread on the python-dev archive. (It is, I might mention, a LOT of text.) A number of suggestions and arguments are put forth, including a subclassing notion similar to my postulation, and the same point is raised: that app/framework developers won't secure their apps. Other options are also offered (personally, I'm liking the one where an exception is raised if something collides with too many keys - current suggestion 1000, although it could possibly work well with something that scales with the dictionary size), and I'm sure that something will be done that's a lot smarter than one quick idea spun off in response to a separate query.

So, I retract this idea :)

ChrisA
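
The exception-on-too-many-collisions option mentioned in the message above, as an added sketch that is not part of the original post or of any python-dev patch: a toy linear-probing table that aborts an insert or lookup once one key has stepped past `limit` occupied slots. The names `CollisionLimitedDict`, `TooManyCollisions` and `SameHash` are hypothetical, and the table counts probe steps in its own slots, not collisions inside CPython's dict.

```python
class TooManyCollisions(Exception):
    """Raised when one key probes past more than `limit` occupied slots."""

class SameHash:
    """Constructed key type whose instances all hash alike (sample input)."""
    def __init__(self, n):
        self.n = n
    def __hash__(self):
        return 42
    def __eq__(self, other):
        return isinstance(other, SameHash) and self.n == other.n

class CollisionLimitedDict:
    """Toy open-addressing table that refuses pathological probe chains."""
    def __init__(self, limit=1000, size=8):
        self.limit = limit              # 1000 is the figure quoted in the post
        self.slots = [None] * size      # each slot is None or (key, value)
        self.used = 0

    def _find(self, slots, key):
        """Return the index holding key, or the first free slot for it."""
        mask = len(slots) - 1           # table size is always a power of two
        i = hash(key) & mask
        collisions = 0
        while slots[i] is not None and slots[i][0] != key:
            collisions += 1
            if collisions > self.limit:
                raise TooManyCollisions(f"{collisions} collisions for one key")
            i = (i + 1) & mask
        return i

    def _grow(self):
        new = [None] * (len(self.slots) * 2)
        for entry in self.slots:
            if entry is not None:
                new[self._find(new, entry[0])] = entry
        self.slots = new

    def __setitem__(self, key, value):
        if (self.used + 1) * 3 > len(self.slots) * 2:   # keep load <= 2/3
            self._grow()
        i = self._find(self.slots, key)
        if self.slots[i] is None:
            self.used += 1
        self.slots[i] = (key, value)

    def __getitem__(self, key):
        entry = self.slots[self._find(self.slots, key)]
        if entry is None:
            raise KeyError(key)
        return entry[1]
```

A caller parsing untrusted input would catch `TooManyCollisions` and reject the request; ordinary keys never reach the limit, so the only added cost on the normal path is one counter per probe.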