[Python-Dev] Algorithmic Complexity Attack on Python

Guido van Rossum guido@python.org
Fri, 30 May 2003 20:41:54 -0400


> + If I understand what you're selling, the hash code of a given string
>   will almost certainly change across program runs.  That's a very
>   visible change in semantics, since hash() is a builtin Python
>   function available to user code.  Some programs use hash codes to
>   index into persistent (file- or database- based) data structures, and
>   such code would plain break if the hash code of a string changed
>   from one run to the next.  I expect the user-visible hash() would have
>   to continue using a predictable function.

Of course, such programs are already vulnerable to changes in the hash
implementation between Python versions (which has happened before).

--Guido van Rossum (home page: http://www.python.org/~guido/)
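
The persistence concern discussed in this message, as an added example that is not part of the original post: it compares the builtin hash() of one string across fresh interpreters with a SHA-256-derived index that stays fixed. It assumes a CPython that supports the PYTHONHASHSEED environment variable (added long after this thread); the helper names and the sample key are hypothetical.

```python
import hashlib
import os
import subprocess
import sys


def builtin_hash_in_fresh_interpreter(text, seed):
    """Return hash(text) as computed by a new interpreter run with PYTHONHASHSEED=seed."""
    env = dict(os.environ, PYTHONHASHSEED=str(seed))
    result = subprocess.run(
        [sys.executable, "-c", "import sys; print(hash(sys.argv[1]))", text],
        env=env, capture_output=True, text=True, check=True,
    )
    return int(result.stdout)


def stable_bucket(text, buckets=1024):
    """Index for a persistent structure: depends only on the bytes of the key,
    not on the interpreter's per-process hash seed or on the Python version."""
    digest = hashlib.sha256(text.encode("utf-8")).digest()
    return int.from_bytes(digest[:8], "big") % buckets


def compare_runs(key="user:alice"):  # constructed sample key
    """Hash the same key in three separate interpreter runs."""
    return {
        "seed1": builtin_hash_in_fresh_interpreter(key, 1),
        "seed2": builtin_hash_in_fresh_interpreter(key, 2),
        "seed1_again": builtin_hash_in_fresh_interpreter(key, 1),
        "stable": stable_bucket(key),
    }


if __name__ == "__main__":
    runs = compare_runs()
    # Different seeds model two program runs under randomized hashing:
    # an on-disk index keyed by hash() would no longer find its entries.
    print("hash() with seed 1:", runs["seed1"])
    print("hash() with seed 2:", runs["seed2"])
    print("hash() with seed 1 again:", runs["seed1_again"])
    print("SHA-256 bucket (same every run):", runs["stable"])
```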