Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #18986
| References | <4f1107b7$0$29988$c3e8da3$5496439d@news.astraweb.com> |
|---|---|
| Date | 2012-01-15 11:36 +1100 |
| Subject | Re: Hash stability |
| From | Chris Angelico <rosuav@gmail.com> |
| Newsgroups | comp.lang.python |
| Message-ID | <mailman.4756.1326587769.27778.python-list@python.org> (permalink) |
On Sat, Jan 14, 2012 at 3:42 PM, Steven D'Aprano <steve+comp.lang.python@pearwood.info> wrote: > On the Python Dev mailing list, there is a discussion going on about the > stability of the hash function for strings. > > How many people rely on hash(some_string) being stable across Python > versions? Does anyone have code that will be broken if the string hashing > algorithm changes? On reading your post I immediately thought that you could, if changing algorithm, simultaneously fix the issue of malicious collisions, but that appears to be what you're doing it for primarily :) Suggestion: Create a subclass of dict, the SecureDict or something, which could either perturb the hashes or even use a proper cryptographic hash function; normal dictionaries can continue to use the current algorithm. The description in Objects/dictnotes.txt suggests that it's still well worth keeping the current system for programmer-controlled dictionaries, and only change user-controlled ones (such as POST data etc). It would then be up to the individual framework and module authors to make use of this, but it would not impose any cost on the myriad other uses of dictionaries - there's no point adding extra load to every name lookup just because of a security issue in an extremely narrow situation. It would also mean that code relying on hash(str) stability wouldn't be broken. ChrisA
Back to comp.lang.python | Previous | Next — Previous in thread | Next in thread | Find similar | Unroll thread
Hash stability Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2012-01-14 04:42 +0000
Re: Hash stability Peter Otten <__peter__@web.de> - 2012-01-14 10:46 +0100
Re: Hash stability Heiko Wundram <modelnine@modelnine.org> - 2012-01-14 23:45 +0100
Re: Hash stability Chris Angelico <rosuav@gmail.com> - 2012-01-15 11:36 +1100
Re: Hash stability Bryan <bryanjugglercryptographer@yahoo.com> - 2012-01-15 04:03 -0800
Re: Hash stability Chris Angelico <rosuav@gmail.com> - 2012-01-15 23:21 +1100
Re: Hash stability Roy Smith <roy@panix.com> - 2012-01-14 21:26 -0500
Re: Hash stability Terry Reedy <tjreedy@udel.edu> - 2012-01-14 23:07 -0500
Re: Hash stability Stefan Behnel <stefan_ml@behnel.de> - 2012-01-15 11:13 +0100
Re: Hash stability Heiko Wundram <modelnine@modelnine.org> - 2012-01-15 12:46 +0100
Re: Hash stability Peter Otten <__peter__@web.de> - 2012-01-15 13:22 +0100
Re: Hash stability Heiko Wundram <modelnine@modelnine.org> - 2012-01-15 17:07 +0100
Re: Hash stability Chris Angelico <rosuav@gmail.com> - 2012-01-16 03:13 +1100
Re: Hash stability Heiko Wundram <modelnine@modelnine.org> - 2012-01-15 17:51 +0100
Re: Hash stability Stefan Behnel <stefan_ml@behnel.de> - 2012-01-15 18:20 +0100
Re: Hash stability Peter Otten <__peter__@web.de> - 2012-01-16 09:18 +0100
Re: Hash stability Christian Heimes <lists@cheimes.de> - 2012-01-16 09:44 +0100
Re: Hash stability Heiko Wundram <modelnine@modelnine.org> - 2012-01-16 10:15 +0100
csiph-web