Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > comp.lang.python > #19326 > unrolled thread

Re: String interning in Python 3 - missing or moved?

Started byStefan Behnel <stefan_ml@behnel.de>
First post2012-01-24 09:17 +0100
Last post2012-01-24 09:17 +0100
Articles 1 — 1 participant

Back to article view | Back to comp.lang.python

This discussion starts older than the indexed window; earlier articles aren't shown. The article labeled Started by below is the oldest one visible, not the original post.


Contents

  Re: String interning in Python 3 - missing or moved? Stefan Behnel <stefan_ml@behnel.de> - 2012-01-24 09:17 +0100

#19326 — Re: String interning in Python 3 - missing or moved?

FromStefan Behnel <stefan_ml@behnel.de>
Date2012-01-24 09:17 +0100
SubjectRe: String interning in Python 3 - missing or moved?
Message-ID<mailman.5015.1327393037.27778.python-list@python.org>
Chris Angelico, 24.01.2012 05:47:
> Lua and Pike both quite happily solved hash collision attacks in their
> interning of strings by randomizing the hash used, because there's no
> way to rely on it. Presumably (based on the intern() docs) Python can
> do the same, if you explicitly intern your strings first. Is it worth
> recommending that people do this with anything that is
> client-provided, and then simply randomize the intern() hash?

If you want to encourage them to fill up their memory with user provided
data in a non-erasable way, then sure, that would certainly keep an
attacker from having to figure out hash collisions in order to bring down a
system. Sending *any* arbitrarily varied data would be enough then.

Stefan

[toc] | [standalone]


Back to top | Article view | comp.lang.python


csiph-web