Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #19326 > unrolled thread
| Started by | Stefan Behnel <stefan_ml@behnel.de> |
|---|---|
| First post | 2012-01-24 09:17 +0100 |
| Last post | 2012-01-24 09:17 +0100 |
| Articles | 1 — 1 participant |
Back to article view | Back to comp.lang.python
This discussion starts older than the indexed window; earlier articles aren't shown. The article labeled Started by
below is the oldest one visible, not the original post.
Re: String interning in Python 3 - missing or moved? Stefan Behnel <stefan_ml@behnel.de> - 2012-01-24 09:17 +0100
| From | Stefan Behnel <stefan_ml@behnel.de> |
|---|---|
| Date | 2012-01-24 09:17 +0100 |
| Subject | Re: String interning in Python 3 - missing or moved? |
| Message-ID | <mailman.5015.1327393037.27778.python-list@python.org> |
Chris Angelico, 24.01.2012 05:47: > Lua and Pike both quite happily solved hash collision attacks in their > interning of strings by randomizing the hash used, because there's no > way to rely on it. Presumably (based on the intern() docs) Python can > do the same, if you explicitly intern your strings first. Is it worth > recommending that people do this with anything that is > client-provided, and then simply randomize the intern() hash? If you want to encourage them to fill up their memory with user provided data in a non-erasable way, then sure, that would certainly keep an attacker from having to figure out hash collisions in order to bring down a system. Sending *any* arbitrarily varied data would be enough then. Stefan
Back to top | Article view | comp.lang.python
csiph-web