Antoine Pitrou <pit...@free.fr> added the comment:

> OTOH, the collision counting patch is very simple, doesn't have
> the performance issues and provides real protection against the
> attack.

I don't know about real protection: you can still slow down dict construction by 1000x (the number of allowed collisions per lookup), which can be enough combined with a brute-force DOS. Also, how about false positives? Having legitimate programs break because of legitimate data would be a disaster.

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue13703>
_______________________________________
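
Added example, not part of the original message or of the patch under discussion: a toy chained hash table with a per-lookup collision limit, measuring the two effects raised in the comment above (work that stays under the limit, and a build that aborts on keys that merely happen to collide). `weak_hash`, `build`, `slowdown`, `trips_limit` and `CollisionLimitError` are hypothetical names, and the `(group, index)` keys are constructed so that collisions come from the toy hash, not from CPython's.

```python
class CollisionLimitError(Exception):
    """Raised when one lookup sees more than `limit` colliding entries."""


def weak_hash(key):
    # Constructed toy hash: keys are (group, index) and only the group is
    # hashed, so every key in a group collides. Not CPython's hash.
    return key[0]


def build(keys, limit=1000, nbuckets=4096):
    """Insert keys into a chained table; return the slot visits performed."""
    buckets = [[] for _ in range(nbuckets)]
    work = 0
    for key in keys:
        chain = buckets[weak_hash(key) % nbuckets]
        work += 1                      # locating the bucket
        collisions = 0
        for existing in chain:
            work += 1                  # one key comparison
            if existing == key:
                break
            collisions += 1
            if collisions > limit:     # the collision-counting check
                raise CollisionLimitError(key)
        else:
            chain.append(key)
    return work


def slowdown(limit, groups):
    """Work ratio: `groups` chains of `limit` colliding keys vs. spread keys."""
    n = limit * groups
    spread = build([(g, 0) for g in range(n)], limit, nbuckets=n)
    packed = build([(g, i) for g in range(groups) for i in range(limit)],
                   limit, nbuckets=n)
    return packed / spread


def trips_limit(limit):
    """True if limit + 2 keys that happen to collide abort the build."""
    try:
        build([(7, i) for i in range(limit + 2)], limit)
    except CollisionLimitError:
        return True
    return False


if __name__ == "__main__":
    print("average slowdown under the limit:", slowdown(1000, 4))
    print("limit + 2 colliding keys raise:", trips_limit(1000))
```

In this toy table the average cost per insert is (limit + 1) / 2 slot visits without the check ever firing, and the last insert into each chain costs about `limit` comparisons, which is the worst case the comment refers to.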