Subject: Re: [boost] [optional] operator<(optional<T>, T) -- is it wrong?
From: Niall Douglas (s_sourceforge_at_[hidden])
Date: 2014-12-04 08:50:31
On 3 Dec 2014 at 11:24, Howard Hinnant wrote:
> > I just tried your script on Python 3.4 and got 0 candidate solutions
> > whereas 2.7 does yield solutions. I don't claim their chosen solution
> > is foolproof, but Python probably does see a lot more untrusted
> > inputs than probably C++ does. If there were a gaping security hole
> > there, we would surely have heard about it.
> More info on why this attack failed on Python 3.4:
> These articles claim that Python 3.4 and forward have simply adopted SipHash.
Yes, you are correct. See http://lwn.net/Articles/574761/.
Python's adoption of SipHash as their core hash function wins it for
me, at least on 64 bit architectures only. Apparently it matches
FNV-1 for longer runs of bytes too, only on short strings does it
> For anyone interested, there is a hash_append-compatible implementation
> of the SipHash24 variant here, in the files siphash.h/siphash.cpp:
I think this sufficiently important to warrant a separate N-paper
proposing a std::secure_hash<T> based on SipHash. Howard, you up for
-- ned Productions Limited Consulting http://www.nedproductions.biz/ http://ie.linkedin.com/in/nialldouglas/
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk