Ashwin Ramaswami <aramaswa...@gmail.com> added the comment:

> Making the numeric hash non-predictable while maintaining its current 
> properties would be difficult.

Why so?

> In fact, I think it's reasonable to assume that there are no websites 
> vulnerable to a DOS via *numeric* hash collisions until we see evidence 
> otherwise. I'd expect that there are *way* more places where a dict is being 
> constructed with string keys in this way than with numeric keys.

That's true, but why do we restrict ourselves to websites? This is how I see 
it: As a Python developer, it seems like my program is immune to hash collision 
DoS if I use strings/bytes as dictionary keys, but *not* if my keys, say, are 
tuples of strings. Why not make the hash non-predictable for all builtin types 
by default?

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue29535>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

Reply via email to