Martin v. Löwis <mar...@v.loewis.de> added the comment:

> Frankly, other short strings may give away even more, because you can
> put several into the same dict.

Please don't make such claims without some reasonable security analysis: how *exactly* would you derive the hash seed when you have the hash values of all 256 one-byte strings (or all 2**20 one-char Unicode strings)?

> I would prefer that the randomization not kick in until strings are at
> least 8 characters, but I think excluding length 1 is a pretty obvious
> win.

-1. It is very easy to create a good number of hash collisions already with 6-character strings. You are opening the security hole again that we are attempting to close.

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue13703>
_______________________________________