Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #20136

Re: frozendict

From Terry Reedy <tjreedy@udel.edu>
Subject Re: frozendict
Date 2012-02-09 22:33 -0500
References (5 earlier) <Xns9FF497406322duncanbooth@127.0.0.1> <CAOFbRmJLyNA=-oM3eyASVE0EzA6SrjguP7Lv1Vsj2qA4=qU-cw@mail.gmail.com> <mailman.5597.1328805384.27778.python-list@python.org> <4f3471e9$0$29986$c3e8da3$5496439d@news.astraweb.com> <CAOFbRmJN=XicYeUjN9+a800FqvRGigA4p_88mU=Pj1ZRtcgwfw@mail.gmail.com>
Newsgroups comp.lang.python
Message-ID <mailman.5635.1328844905.27778.python-list@python.org> (permalink)

Show all headers | View raw

On 2/9/2012 9:30 PM, Nathan Rice wrote:

>> That day may be sooner than you think. It is very likely that in Python
>> 3.3, dict order will be randomized on creation as a side-effect of adding
>> a random salt to hashes to prevent a serious vulnerability in dicts.
>>
>> http://securitytracker.com/id/1026478
>>
>> http://bugs.python.org/issue13703
>>
>>
>> If there is anyone still assuming that dicts have a predictable order,
>> they're going to be in for a nasty surprise one of these days.
>
> The only thing needed to avoid the hash collision is that your hash
> function is not not 100% predictable just by looking at the python
> source code.  I don't see why every dict would have to be created
> differently.  I would think having the most ubiquitous data structure
> in your language be more predictable would be a priority.  Oh well....

I believe 'on creation' means 'on process startup', not on dict 
creation. There have, however, been several variants suggested, and the 
focus has been on choosing one first for past and current versions. 3.3 
is about 6 months off and hash for it may still be debated.

-- 
Terry Jan Reedy

Back to comp.lang.python | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread

Thread

Re: frozendict Nathan Rice <nathan.alexander.rice@gmail.com> - 2012-02-08 22:43 -0500
  Re: frozendict Duncan Booth <duncan.booth@invalid.invalid> - 2012-02-09 10:33 +0000
    Re: frozendict Nathan Rice <nathan.alexander.rice@gmail.com> - 2012-02-09 09:36 -0500
      Re: frozendict Duncan Booth <duncan.booth@invalid.invalid> - 2012-02-09 14:52 +0000
        Re: frozendict Nathan Rice <nathan.alexander.rice@gmail.com> - 2012-02-09 10:19 -0500
          Re: frozendict Duncan Booth <duncan.booth@invalid.invalid> - 2012-02-09 18:47 +0000
        Re: frozendict Ian Kelly <ian.g.kelly@gmail.com> - 2012-02-09 09:35 -0700
          Re: frozendict Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2012-02-10 01:24 +0000
            Re: frozendict Nathan Rice <nathan.alexander.rice@gmail.com> - 2012-02-09 21:30 -0500
            Re: frozendict Terry Reedy <tjreedy@udel.edu> - 2012-02-09 22:33 -0500
            Re: frozendict Chris Angelico <rosuav@gmail.com> - 2012-02-10 21:08 +1100
            Re: frozendict Nathan Rice <nathan.alexander.rice@gmail.com> - 2012-02-10 11:53 -0500
            Re: frozendict Chris Rebert <clp2@rebertia.com> - 2012-02-10 09:00 -0800
            Re: frozendict Nathan Rice <nathan.alexander.rice@gmail.com> - 2012-02-10 13:14 -0500
              Re: frozendict John Nagle <nagle@animats.com> - 2012-02-10 10:57 -0800
                Re: frozendict 88888 Dihedral <dihedral88888@googlemail.com> - 2012-02-10 21:52 -0800
                Re: frozendict John Nagle <nagle@animats.com> - 2012-02-13 13:15 -0800
        Re: frozendict Nathan Rice <nathan.alexander.rice@gmail.com> - 2012-02-09 11:50 -0500

csiph-web