Frank Sievertsen <pyt...@sievertsen.de> added the comment:

> Agreed; it tops out with a constant, but if it takes only 16 bytes of
> input to force another run through a 1000-long collision, that may
> still be too much leverage.

You should prepare the dict so that you have the collisions-run with a one-byte string or better even with an empty string, not a 16-byte string.

> BTW: If you set the limit N to e.g. 100 (which is reasonable given
> Victor's and my tests),

100 is probably hard to exploit for a DoS attack. However it makes it much easier to cause unwanted (future?) exceptions in other apps.

> So it would take around 3Mb to cause a minute's delay...

How did you calculate that?

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue13703>
_______________________________________