Paul McMillan <p...@mcmillan.ws> added the comment:

> My proposition only adds two XOR to hash(str) (outside the loop on Unicode 
> characters), so I expect a ridiculous overhead. I don't know yet how hard it 
> is to guess the secret from hash(str) output.

It doesn't work much better than a single random seed. Calculating the
hash of a null byte gives you the xor of your two seeds. An attacker
can still cause collisions inside the vulnerable hash function; your
change doesn't negate those internal collisions. Also, strings of all
null bytes collide trivially.

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue13703>
_______________________________________
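
An added illustration of the first two points in the comment above (not code from the tracker issue or from CPython). It assumes the proposal amounts to `seed1 ^ h(s) ^ seed2` around an unseeded multiply/XOR loop, and it uses a constructed 16-bit toy width so that a colliding pair exists by pigeonhole. The names `base_hash`, `seeded_hash`, `find_base_collision`, `collision_survives` and `leaked_seed_xor` are hypothetical.

```python
import itertools

MASK = 0xFFFF  # constructed 16-bit toy width (assumption), not a real hash size


def base_hash(data: bytes) -> int:
    """Unseeded multiply/XOR loop, truncated to MASK bits."""
    if not data:
        return 0
    x = (data[0] << 7) & MASK
    for byte in data:
        x = ((1000003 * x) ^ byte) & MASK
    return x ^ len(data)


def seeded_hash(data: bytes, seed1: int, seed2: int) -> int:
    """Assumed shape of the proposal: two XORs applied outside the loop."""
    return seed1 ^ base_hash(data) ^ seed2


def find_base_collision(length: int = 4) -> tuple[bytes, bytes]:
    """Two distinct inputs with equal base_hash (pigeonhole: 26**4 > 2**16)."""
    seen = {}
    for combo in itertools.product(range(97, 123), repeat=length):
        data = bytes(combo)
        h = base_hash(data)
        if h in seen:
            return seen[h], data
        seen[h] = data
    raise LookupError("no collision found")


def collision_survives(seed1: int, seed2: int) -> bool:
    """A collision inside the loop is untouched by XORs applied afterwards."""
    a, b = find_base_collision()
    return seeded_hash(a, seed1, seed2) == seeded_hash(b, seed1, seed2)


def leaked_seed_xor(seed1: int, seed2: int) -> int:
    """base_hash(b'\\0') is the constant 1, so one output yields seed1 ^ seed2."""
    return seeded_hash(b"\0", seed1, seed2) ^ base_hash(b"\0")


if __name__ == "__main__":
    s1, s2 = 0x3A7F, 0xC015  # constructed sample seeds
    print(find_base_collision(), collision_survives(s1, s2))
    print(hex(leaked_seed_xor(s1, s2)), hex(s1 ^ s2))
```

Because only `seed1 ^ seed2` ever reaches the output, the two seeds behave as a single one, which matches the comment's remark that the scheme is not much better than a single random seed.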