Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #19326
| From | Stefan Behnel <stefan_ml@behnel.de> |
|---|---|
| Subject | Re: String interning in Python 3 - missing or moved? |
| Date | 2012-01-24 09:17 +0100 |
| References | <CAPTjJmr5=8H9pmWMQ1Q==O1DFGe31ykOBXNzQ9YhS+W8aaAxfw@mail.gmail.com> <CAMZYqRQXfLTrwzqma=ryVKmJByzPtfQqQRa8OjGG7d+qZ7KNGA@mail.gmail.com> <jflbf2$l09$1@dough.gmane.org> <CAPTjJmrYgnYXstkdiN9T1ReV9KxjWN+wsmNita_oz4W_KzX78A@mail.gmail.com> |
| Newsgroups | comp.lang.python |
| Message-ID | <mailman.5015.1327393037.27778.python-list@python.org> (permalink) |
Chris Angelico, 24.01.2012 05:47: > Lua and Pike both quite happily solved hash collision attacks in their > interning of strings by randomizing the hash used, because there's no > way to rely on it. Presumably (based on the intern() docs) Python can > do the same, if you explicitly intern your strings first. Is it worth > recommending that people do this with anything that is > client-provided, and then simply randomize the intern() hash? If you want to encourage them to fill up their memory with user provided data in a non-erasable way, then sure, that would certainly keep an attacker from having to figure out hash collisions in order to bring down a system. Sending *any* arbitrarily varied data would be enough then. Stefan
Back to comp.lang.python | Previous | Next | Find similar | Unroll thread
Re: String interning in Python 3 - missing or moved? Stefan Behnel <stefan_ml@behnel.de> - 2012-01-24 09:17 +0100
csiph-web