[issue13703] Hash collision security issue

Christian Heimes report at bugs.python.org
Thu Jan 5 11:20:27 CET 2012

Christian Heimes <lists at cheimes.de> added the comment:

It's quite possible that a user has created a function (by mistake or deliberately) that gives away the hash of an arbitrary string. We haven't taught developers that (s)he shouldn't disclose the hash of a string.

> Why should hash("") always return 0?
> I can't find it in the docs anywhere.

hash("") should return something constant that doesn't reveal information about the random seeds. 0 is an arbitrary choice that is as good as anything else. hash("") already returns 0, hence my suggestion for 0.


Python tracker <report at bugs.python.org>

More information about the Python-bugs-list mailing list