[New-bugs-announce] [issue27706] Random.seed, whose purpose is purportedly determinism, behaves non-deterministically with strings due to hash randomization

[Glyph Lefkowitz]

New submission from Glyph Lefkowitz:

The purpose of 'seeding' a random number generator is usually to supply a deterministic sequence of values starting from a known point.  This works fine if you seed random.Random with an integer.  Often (for example, see Minecraft's map generation interface) one wants to begin with a human-memorable string as the seed, and superficially it would seem that passing a string to Random.seed would serve exactly this use-case.  In fact in its original incarnation it did.

However, since the introduction of PYTHONHASHSEED in 2.6.8, it's possible that strings now hash to different values, and on 3.2+, they'll _always_ hash to different values unless otherwise configured (which, as per the reason for introducing this feature in the first place, is a security flaw).

Right now the way to work around this is to get some deterministic hash from your string; one mechanism being a truncated SHA256 hash, for example, like this:

Random(struct.unpack("!I", sha256(seed.encode("utf-8")).digest()[:4])[0])

but this strikes me as an obscure trick to require of someone just trying to get their D&D character generator to produce the same values twice in a row for unit testing.

I'm not sure what the resolution should be, but I figured I should report this since I tripped over it.

----------
components: Library (Lib)
messages: 272137
nosy: glyph
priority: normal
severity: normal
status: open
title: Random.seed, whose purpose is purportedly determinism, behaves non-deterministically with strings due to hash randomization
type: behavior

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue27706>
_______________________________________