Ashwin Ramaswami <aramaswa...@gmail.com> added the comment:
> Making the numeric hash non-predictable while maintaining its current > properties would be difficult. Why so? > In fact, I think it's reasonable to assume that there are no websites > vulnerable to a DOS via *numeric* hash collisions until we see evidence > otherwise. I'd expect that there are *way* more places where a dict is being > constructed with string keys in this way than with numeric keys. That's true, but why do we restrict ourselves to websites? This is how I see it: As a Python developer, it seems like my program is immune to hash collision DoS if I use strings/bytes as dictionary keys, but *not* if my keys, say, are tuples of strings. Why not make the hash non-predictable for all builtin types by default? ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue29535> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com