Message 320265 - Python tracker

Message320265

Author	barry
Recipients	barry, christian.heimes, vstinner
Date	2018-06-22.20:53:09
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1529700789.6.0.56676864532.issue33919@psf.upfronthosting.co.za>
In-reply-to

Content
I think there's another thing I'd like to change, and it seems like it's "just" an implementation detail. In _Py_HashRandomization_Init(), if use_hash_seed is 0, then we directly inject the random bits into the buffer, and then there's no hash_seed. I'd like to change that so that if use_hash_seed is 0, then we create a random hash seed first, and then call lcg_urandom() for the hash secret. That way, even if Python itself uses a random hash seed, we'll have a record of that in the runtime that can be used to reproduce the hashing. In this case, I'd still leave use_hash_seed == 0, and that would tell you what combinations of env vars were used.

Content

I think there's another thing I'd like to change, and it seems like it's "just" an implementation detail.  In _Py_HashRandomization_Init(), if use_hash_seed is 0, then we directly inject the random bits into the buffer, and then there's no hash_seed.  I'd like to change that so that if use_hash_seed is 0, then we create a random hash seed first, and then call lcg_urandom() for the hash secret.  That way, even if Python itself uses a random hash seed, we'll have a record of that in the runtime that can be used to reproduce the hashing.  In this case, I'd still leave use_hash_seed == 0, and that would tell you what combinations of env vars were used.

History
Date	User	Action	Args
2018-06-22 20:53:09	barry	set	recipients: + barry, vstinner, christian.heimes
2018-06-22 20:53:09	barry	set	messageid: <1529700789.6.0.56676864532.issue33919@psf.upfronthosting.co.za>
2018-06-22 20:53:09	barry	link	issue33919 messages
2018-06-22 20:53:09	barry	create