Add hash auto-randomization #76356
Hash auto-randomization is a mechanism to detect when a collision attack is underway and switch to a randomized keying scheme at that point. This patch is for the 2.7 branch, where hash randomization is not on by default. Using collided strings from https://github.com/Storyyeller/fnv-collider/tree/master/collided_strings, 10 "attacks" of roughly 50,000 collided strings were launched against this. The unmodified Python had a median insert time of roughly 4.32 seconds and a median retrieve time of roughly 4.40 seconds. With the auto-randomized version of Python, the median insert time was roughly 3.99 seconds and median retrieve time was roughly 3.57 seconds. This is a 7.7% and 18.9% savings, respectively.
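The mechanism described in the comment above, as an added illustration that is not the patch's code and not CPython's dict implementation: a toy chained hash table that starts with an unkeyed hash and switches to a keyed one once a single chain exceeds a threshold. The weak hash, the threshold of 16, keyed BLAKE2b standing in for a keyed hash such as SipHash, and all names are assumptions.

```python
import hashlib
import os
from itertools import islice, permutations

NBUCKETS = 256
CHAIN_LIMIT = 16  # assumed threshold; the page does not give the patch's value

def weak_hash(key: bytes) -> int:
    return sum(key)  # deliberately weak, unkeyed toy hash: anagrams collide

class AutoRandomizingTable:
    """Chained hash table that re-keys itself when one chain grows too long."""
    def __init__(self):
        self.buckets = [[] for _ in range(NBUCKETS)]
        self.secret = None  # None: the unkeyed hash is still in use

    def _index(self, key: bytes) -> int:
        if self.secret is None:
            return weak_hash(key) % NBUCKETS
        # Keyed BLAKE2b stands in here for a keyed hash such as SipHash.
        digest = hashlib.blake2b(key, key=self.secret, digest_size=8).digest()
        return int.from_bytes(digest, "little") % NBUCKETS

    def _rekey(self):
        entries = [e for chain in self.buckets for e in chain]
        self.secret = os.urandom(16)  # fresh per-table secret
        self.buckets = [[] for _ in range(NBUCKETS)]
        for k, v in entries:  # redistribute everything under the keyed hash
            self.buckets[self._index(k)].append((k, v))

    def insert(self, key: bytes, value):
        chain = self.buckets[self._index(key)]
        for i, (k, _) in enumerate(chain):
            if k == key:
                chain[i] = (key, value)  # overwrite an existing key
                return
        chain.append((key, value))
        if self.secret is None and len(chain) > CHAIN_LIMIT:  # detection
            self._rekey()

    def get(self, key: bytes):
        for k, v in self.buckets[self._index(key)]:
            if k == key:
                return v
        raise KeyError(key)

def constructed_colliding_keys(n: int):
    # Constructed sample input: anagrams of one string share a weak_hash value.
    return [bytes(p) for p in islice(permutations(b"abcdefgh"), n)]
```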
Raymond, dicts are your area of expertise. I'm -0 on the patch. The check is going to slow down dicts and it's really easy to enable randomization with an env var or command line argument.
It was decided to leave the hash randomization disabled by default for backward compatibility. It's a deliberate choice. I don't think that we need to go further for Python 2.7. I never considered this denial of service attack as major, there are many other ways to trigger a DoS, and fixing the dict type is not the right way to prevent this class of attacks. HTTP clients and frameworks like http.client and Django implemented other countermeasures like limiting the number of HTTP headers. The problem was correctly fixed in Python 3: randomization enabled by default since Python 3.3, and Python 3.4 now uses SipHash which better hides the hash secret. More info at:
Agreed this is not desirable at this point. Let's leave 2.7 like it is.
Marking as closed for the reasons listed by the other respondents.
By the way, for a few other reasons, Python 3 is more secure than Python 2.7. If you care about security, please upgrade!
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.