On Thu, 29 Dec 2011 13:57:07 +0100 Armin Ronacher email@example.com wrote:
- Option c: Random salt at runtime
- Easy to implement
- impossible to synchronize
- breaks unittests in the same way as a compiled in salt would do
This option would have my preference. I don't think hash() was ever meant to be "synchronizable". Already using a 32-bit Python will give you different results from a 64-bit Python.
As for breaking unittests, these tests were broken in the first place. hash() does change from time to time.
Where to add the salt to? Unicode strings and bytestrings (byte objects) I guess since those are the most common offenders. Sometimes tuples are keys of dictionaries but in that case a contributing factor to the hash is the string in the tuple anyways.
Or it could be a process-wide constant for all dicts. If the constant is additive as proposed by Mark the impact should be negligible. (but the randomness must be good enough)