[Python-Dev] Make str/bytes hash algorithm pluggable?
Antoine Pitrou
solipsis at pitrou.net
Fri Oct 4 17:57:11 CEST 2013
More information about the Python-Dev mailing list
Fri Oct 4 17:57:11 CEST 2013
- Previous message: [Python-Dev] Make str/bytes hash algorithm pluggable?
- Next message: [Python-Dev] Make str/bytes hash algorithm pluggable?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Le Fri, 04 Oct 2013 17:13:32 +0200, martin at v.loewis.de a écrit : > > Whether this is a serious threat or not depends on what other threats > the system being attacked is vulnerable to. Maybe there is something > even simpler, or maybe the hash attack is the only hope of bringing > the system to its knees. > > IMO, the hash attack is particularly tricky since it is very easy to > argue and very difficult to demonstrate. If you know how to generate colliding hashes, it's actually relatively easy to demonstrate, assuming you know how a particular Web application processes its incoming requests (which you do if it's a standard Web application such as hgweb). Regards Antoine.
- Previous message: [Python-Dev] Make str/bytes hash algorithm pluggable?
- Next message: [Python-Dev] Make str/bytes hash algorithm pluggable?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Python-Dev mailing list