#pypy on 2018-09-10 — irc logs at freenode.irclog.whitequark.org

2018-02-26 15:52 cfbolz changed the topic of #pypy to: PyPy, the flexible snake (IRC logs: https://botbot.me/freenode/pypy/ ) | use cffi for calling C | the secret reason for us trying to get PyPy users: to test the JIT well enough that we're somewhat confident about it

00:01 arigato has quit [Quit: Leaving]

00:50 Hasimir has joined #pypy

01:03 TheAdversary has joined #pypy

01:06 vpelletier has quit [Quit: leaving]

01:15 dddddd has quit [Remote host closed the connection]

01:20 Hasimir has quit [Remote host closed the connection]

01:20 TheAdversary has quit [Remote host closed the connection]

02:18 user24 has joined #pypy

03:11 jcea has quit [Quit: jcea]

03:55 forgottenone has joined #pypy

03:57 <_aegis_> wait, does pypy not use a keyed hash for dicts?

03:58 <_aegis_> (looking at "differences from cpython" page)

05:43 ceridwen has quit [Remote host closed the connection]

05:48 ceridwen has joined #pypy

05:48 ceridwen has quit [Changing host]

05:54 <cfbolz> _aegis_: what is a "keyed hash"?

05:57 user24 has quit [Quit: Leaving]

06:09 <_aegis_> unkeyed hash would be something like modulo, djbhash, crc32, murmur3, or md5 run directly against the input and modulo'd to find the hash bucket

06:10 <_aegis_> keyed hash would be something like SipHash, HMAC, etc

06:10 <_aegis_> I'm asking in the context of hash table collision attacks

06:10 <_aegis_> where the differences page says "notice how python's hash table randomization is vulnerable anyway? so we didn't implement that / -R"

06:10 <_aegis_> *vulnerable before 3.4

06:11 <_aegis_> so I'm assuming based on that statement even pypy3 doesn't implement any kind of defensive hash function that mitigates malicious collision

06:12 <_aegis_> (a common example would be a web server DoS where the user controls a bunch of hash keys, like parameters, post values, http headers, or whatever, and forces them all into the same hash table bucket

06:13 <_aegis_> so every lookup requires O(N) scan on maybe a >10k entry bucket

06:13 <cfbolz> _aegis_: ah, I see. sorry, I don't actually know what the status of that is on pypy3

06:14 <_aegis_> looks like python 3.4 uses SipHash

06:15 <_aegis_> (anywhere there are 64-bit registers anyway)

06:15 oberstet has quit [Ping timeout: 245 seconds]

06:19 tayfun26 has joined #pypy

06:20 <cfbolz> yes, seems so

06:51 <LarstiQ> _aegis_: iirc pypy can do SipHash too

06:51 jamesaxl has quit [Ping timeout: 252 seconds]

07:14 forgottenone has quit [Read error: Connection reset by peer]

07:54 lritter has joined #pypy

08:04 antocuni has joined #pypy

08:08 jacob22__ has quit [Quit: Konversation terminated!]

08:08 <kenaan> arigo py3.6 6be2fb2a8b03 /pypy/interpreter/astcompiler/test/test_compiler.py: Test for issue #2884

08:08 jacob22__ has joined #pypy

08:18 <kenaan> arigo py3.6 dd78db026ae0 /pypy/interpreter/astcompiler/symtable.py: Fix for 6be2fb2a8b03 (issue2884)

08:19 oberstet has joined #pypy

08:48 antocuni has quit [Ping timeout: 250 seconds]

10:34 lritter has quit [Ping timeout: 240 seconds]

11:02 dddddd has joined #pypy

12:19 antocuni has joined #pypy

12:26 _whitelogger has joined #pypy

12:57 <mjacob> _aegis_: we didn't follow CPython in implementing their first (unsuccessful) attempt to fix the problem

12:57 <mjacob> _aegis_: however we followed CPython in implementing the second attempt to fix the problem with a cryptographic hash function

12:59 <mjacob> _aegis_: (see also sys.hash_info)

13:05 adamholmberg has joined #pypy

13:22 jcea has joined #pypy

13:53 _whitelogger has joined #pypy

14:03 fryguybob has quit [Read error: Connection reset by peer]

14:03 fryguybob has joined #pypy

14:22 marky1991 has joined #pypy

14:25 adamholmberg has quit [Remote host closed the connection]

14:26 adamholmberg has joined #pypy

14:26 adamholmberg has quit [Read error: Connection reset by peer]

14:27 adamholm_ has joined #pypy

14:54 <_aegis_> ok so the differences page either doesn't take pypy3 into account, or is otherwise out of date?

14:58 <_aegis_> oh no I do see some pypy3 entries, so that should have a note that pypy2 is the one that doesn't have hash randomization?

15:07 marky1991 has quit [Ping timeout: 240 seconds]

15:23 tayfun26 has quit [Quit: tayfun26]

15:51 ronan has quit [Ping timeout: 252 seconds]

15:59 oberstet has quit [Ping timeout: 252 seconds]

16:03 ronan has joined #pypy

16:16 oberstet has joined #pypy

16:22 <cfbolz> _aegis_: yes, seems true

16:45 kanaka has joined #pypy

16:45 kanaka has quit [Changing host]

16:45 kanaka has joined #pypy

17:34 antocuni has quit [Ping timeout: 252 seconds]

18:34 oberstet has quit [Read error: Connection reset by peer]

18:34 oberstet2 has joined #pypy

21:49 adamholm_ has quit [Remote host closed the connection]

21:49 adamholmberg has joined #pypy

22:35 _whitelogger has joined #pypy

22:35 adamholmberg has joined #pypy

22:39 adamholmberg has quit [Ping timeout: 245 seconds]

22:42 adamholmberg has joined #pypy

22:46 antocuni has joined #pypy

23:15 adamholmberg has quit [Remote host closed the connection]

23:16 adamholmberg has joined #pypy

23:20 adamholmberg has quit [Ping timeout: 252 seconds]