01:12 <Corbin> Whoo, vmprof is much easier the second time around. I was ready for it. Does vmprof_execute_code go around the JIT merge point, or do the JIT merge points go around the function decorated with vmprof_execute_code? I think I got it backwards.

08:41 <cfbolz> Corbin: sorry, I have no idea

14:37 <arigato> C

14:38 <arigato> cfbolz : nowadays there is good hash randomization for strings in cpython and pypy, if I remember correctly

14:39 <arigato> So if you have a dictionary of ints, you can str() the keys...

14:39 <cfbolz> arigato: ah, it applies only to strings?

14:40 <arigato> Yes, and maybe bytes and I think datetime??

14:41 <cfbolz> Hm

14:42 <cfbolz> So the solution would be to apply it systematically to everything?

14:42 <cfbolz> With an xor maybe?

14:43 <arigato> I

14:43 <arigato> With ints, I don't think applying xor helps, because hashes with the same low bits will still have the same low bits

14:44 <cfbolz> so you would really need to mix the bits

14:44 <cfbolz> (which is anyway a good idea maybe given that consecutive ints are common)

14:44 <arigato> Or just str() and then rely on the string hash, which should be strong

14:45 <cfbolz> arigato: ok, but also the wrong complexity somehow

14:45 <arigato> I mean, as a solution for the OP of that issu

14:45 <arigato> Not for pypy itself, no

14:45 <cfbolz> right

14:45 <cfbolz> for the op, I am not sure

14:46 <cfbolz> it sounds like they just want to use dicts directly

14:49 <arigato> He mentions using xor but I'm not sure it helps, I think at most it changes slightly the collisions in a discoverable way

14:50 <cfbolz> arigato: yes, but he also says: "While this is the best work around that I could think of, it also makes the code a mess. So I really don't want to have to do this."

14:59 <arigato> Note that even if all dicts were to transform the hash they get with any bijection of the set of 64-bits ints, it doesn't help in all cases

15:00 <cfbolz> arigato: right

15:01 <arigato> Maybe the attacker can generate 128-bit integers of its choosing, and then he can pick many of them with the same 64-bit hash

15:01 <cfbolz> arigato: also as soon as any info on the randomized hash from inputs you control leaks, it's over anyway

15:01 <cfbolz> So in many ways it's just the wrong tool

15:01 <arigato> That's why the good hash randomization works on strings in the first place, instead of on hashes

15:02 <cfbolz> Yes

15:03 <arigato> I think the string hash randomization is good because you can't predict which other strings will collide even if you have exemples of collision or non-collision

15:05 <arigato> I'm not sure it helps against a determined attacker though

15:07 <arigato> Assuming there is a probe that answers samehashbits(str1, str2, nbits)

15:14 <arigato> ... No, I don't see a way, I think the attacker needs to probe one million strings in order to get 1000 of them with the same 10 bits

15:15 <arigato> And then he sends these 1000 strings and the program is quadratic, but he already had to do a quadratic number of probes

15:16 <arigato> So at best it's amortized

15:18 <cfbolz> arigato: I see

15:19 <arigato> Maybe he can repeatedly send these 1000 strings, or something

15:20 <arigato> Looks unpractical still