Skip to content

Hash collision security issue #57912

New issue
New issue
Closed
Closed
Hash collision security issue#57912
Labels
3.11only security fixesinterpreter-core(Objects, Python, Grammar, and Parser dirs)release-blockertype-securityA security issue
@warsaw

Description

@warsaw
warsaw
opened on Jan 3, 2012
BPO 13703
Nosy @malemburg, @gvanrossum, @tim-one, @loewis, @warsaw, @birkenfeld, @terryjreedy, @gpshead, @jcea, @mdickinson, @pitrou, @tiran, @benjaminp, @serwy, @merwok, @alex, @skrah, @davidmalcolm, @bz2, @markshannon, @ericsnowcurrently, @JimJJewett, @PaulMcMillan
Dependencies
  • bpo-13704: Random number generator in Python core
    		•
    Files
  • hash-attack.patch
  • SafeDict.py: SafeDict implementation
  • bench_startup.py
  • random-8.patch
  • hash-collision-counting-dmalcolm-2012-01-20-001.patch
  • amortized-probe-counting-dmalcolm-2012-01-20-002.patch
  • amortized-probe-counting-dmalcolm-2012-01-21-003.patch
  • hash-attack-2.patch
  • hash-attack-3.patch
  • integercollision.py
  • backport-of-hash-randomization-to-2.7-dmalcolm-2012-01-23-001.patch: Backport of haypo's random-8.patch to 2.7
  • hybrid-approach-dmalcolm-2012-01-25-001.patch: Hybrid approach to solving dict DoS attack
  • hybrid-approach-dmalcolm-2012-01-25-002.patch
  • optin-hash-randomization-for-3.1-dmalcolm-2012-01-27-001.patch
  • optin-hash-randomization-for-3.1-dmalcolm-2012-01-28-001.patch
  • optin-hash-randomization-for-3.1-dmalcolm-2012-01-29-001.patch
  • unnamed
  • optin-hash-randomization-for-3.1-dmalcolm-2012-01-30-001.patch
  • optin-hash-randomization-for-3.1-dmalcolm-2012-01-30-002.patch
  • optin-hash-randomization-for-2.6-dmalcolm-2012-01-30-001.patch
  • results-16.txt
  • add-randomization-to-2.6-dmalcolm-2012-02-01-001.patch
  • fix-broken-tests-on-2.6-dmalcolm-2012-02-01-001.patch
  • add-randomization-to-3.1-dmalcolm-2012-02-01-001.patch
  • fix-broken-tests-on-3.1-dmalcolm-2012-02-01-001.patch
  • add-randomization-to-2.6-dmalcolm-2012-02-06-001.patch
  • fix-broken-tests-on-2.6-dmalcolm-2012-02-06-001.patch
  • add-randomization-to-3.1-dmalcolm-2012-02-06-001.patch
  • fix-broken-tests-on-3.1-dmalcolm-2012-02-06-001.patch
  • add-randomization-to-2.6-dmalcolm-2012-02-11-001.patch
  • add-randomization-to-3.1-dmalcolm-2012-02-11-001.patch
  • add-randomization-to-2.6-dmalcolm-2012-02-13-001.patch
  • add-randomization-to-3.1-dmalcolm-2012-02-13-001.patch
  • hash-patch-3.1-gb-03.patch
    		•

    Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    Show more details

    GitHub fields:

    assignee = None
closed_at = <Date 2012-03-13.22:25:45.919>
created_at = <Date 2012-01-03.19:36:49.855>
labels = ['type-security', 'interpreter-core', 'release-blocker', '3.11']
title = 'Hash collision security issue'
updated_at = <Date 2021-11-08.16:57:10.080>
user = 'https://github.com/warsaw'

    bugs.python.org fields:

    activity = <Date 2021-11-08.16:57:10.080>
actor = 'vstinner'
assignee = 'none'
closed = True
closed_date = <Date 2012-03-13.22:25:45.919>
closer = 'gregory.p.smith'
components = ['Interpreter Core']
creation = <Date 2012-01-03.19:36:49.855>
creator = 'barry'
dependencies = ['13704']
files = ['24151', '24169', '24223', '24259', '24286', '24288', '24289', '24295', '24299', '24300', '24304', '24320', '24324', '24343', '24353', '24365', '24366', '24370', '24371', '24375', '24385', '24391', '24392', '24393', '24394', '24434', '24435', '24436', '24437', '24490', '24491', '24514', '24515', '24563']
hgrepos = []
issue_num = 13703
keywords = ['patch']
message_count = 328.0
messages = ['150522', '150525', '150526', '150529', '150531', '150532', '150533', '150534', '150541', '150543', '150558', '150559', '150560', '150562', '150563', '150565', '150568', '150569', '150570', '150577', '150589', '150592', '150601', '150609', '150613', '150616', '150619', '150620', '150621', '150622', '150625', '150634', '150635', '150636', '150637', '150638', '150639', '150641', '150642', '150643', '150644', '150645', '150646', '150647', '150648', '150649', '150650', '150651', '150652', '150655', '150656', '150659', '150662', '150665', '150668', '150694', '150699', '150702', '150706', '150707', '150708', '150712', '150713', '150718', '150719', '150724', '150725', '150726', '150727', '150738', '150748', '150756', '150766', '150768', '150769', '150771', '150795', '150829', '150832', '150835', '150836', '150840', '150847', '150856', '150857', '150859', '150865', '150866', '150934', '151012', '151017', '151031', '151033', '151047', '151048', '151061', '151062', '151063', '151064', '151065', '151069', '151070', '151071', '151073', '151074', '151078', '151092', '151120', '151121', '151122', '151157', '151158', '151159', '151167', '151353', '151401', '151402', '151419', '151422', '151448', '151449', '151468', '151472', '151474', '151484', '151519', '151528', '151560', '151561', '151565', '151566', '151567', '151574', '151582', '151583', '151584', '151585', '151586', '151589', '151590', '151596', '151604', '151617', '151620', '151625', '151626', '151628', '151629', '151632', '151633', '151647', '151662', '151664', '151677', '151679', '151680', '151681', '151682', '151684', '151685', '151689', '151691', '151699', '151700', '151701', '151703', '151707', '151714', '151731', '151734', '151735', '151737', '151739', '151744', '151745', '151747', '151748', '151753', '151754', '151756', '151758', '151794', '151796', '151798', '151812', '151813', '151814', '151815', '151825', '151826', '151847', '151850', '151867', '151869', '151870', '151939', '151941', '151942', '151944', '151956', '151959', '151960', '151961', '151965', '151966', '151967', '151970', '151973', '151977', '151984', '152030', '152033', '152037', '152039', '152040', '152041', '152043', '152046', '152051', '152057', '152060', '152066', '152070', '152104', '152112', '152117', '152118', '152125', '152146', '152149', '152183', '152186', '152199', '152200', '152203', '152204', '152270', '152271', '152275', '152276', '152299', '152300', '152309', '152311', '152315', '152335', '152344', '152352', '152362', '152364', '152422', '152452', '152453', '152723', '152730', '152731', '152732', '152734', '152740', '152747', '152753', '152754', '152755', '152758', '152760', '152763', '152764', '152767', '152768', '152769', '152777', '152780', '152781', '152784', '152787', '152789', '152797', '152811', '152855', '153055', '153074', '153081', '153082', '153140', '153141', '153143', '153144', '153297', '153301', '153369', '153395', '153682', '153683', '153690', '153695', '153750', '153753', '153798', '153802', '153817', '153833', '153848', '153849', '153850', '153852', '153853', '153854', '153860', '153861', '153862', '153868', '153872', '153873', '153877', '153975', '153980', '154428', '154430', '154432', '154853', '155293', '155472', '155527', '155680', '155681', '155682', '405727', '405745']
nosy_count = 36.0
nosy_names = ['lemburg', 'gvanrossum', 'tim.peters', 'loewis', 'barry', 'georg.brandl', 'terry.reedy', 'gregory.p.smith', 'jcea', 'mark.dickinson', 'pitrou', 'christian.heimes', 'benjamin.peterson', 'roger.serwy', 'eric.araujo', 'grahamd', 'Arfrever', 'v+python', 'alex', 'cvrebert', 'zbysz', 'skrah', 'dmalcolm', 'gz', 'neologix', 'Arach', 'Mark.Shannon', 'python-dev', 'eric.snow', 'Zhiping.Deng', 'Huzaifa.Sidhpurwala', 'Jim.Jewett', 'PaulMcMillan', 'fx5', 'skorgu', 'jsvaughan']
pr_nums = []
priority = 'release blocker'
resolution = 'fixed'
stage = 'needs patch'
status = 'closed'
superseder = None
type = 'security'
url = 'https://bugs.python.org/issue13703'
versions = ['Python 3.11']

    Metadata

    Metadata

    Assignees

    No one assigned

      Labels

      3.11only security fixesinterpreter-core(Objects, Python, Grammar, and Parser dirs)release-blockertype-securityA security issue

      Projects

      No projects

      Milestone

      No milestone

      Relationships

      None yet

      Development

      No branches or pull requests

      Issue actions