[Python-Dev] Algoritmic Complexity Attack on Python

Guido van Rossum guido@python.org
Sat, 31 May 2003 12:55:21 -0400

> On Fri, May 30, 2003 at 08:41:54PM -0400, Guido van Rossum wrote:
> > Of course, such programs are already vulnerable to changes in the hash
> > implementation between Python versions (which has happened before).
> Is there at least a guarantee that the hashing algorithm won't change in a
> bugfix release?  For instance, can I depend that
> 	python222 -c 'print hash(1), hash("a")'
> 	python223 -c 'print hash(1), hash("a")'
> will both output the same thing, even if
> 	python23 -c 'print hash(1), hash("a")'
> and
> 	python3000 -c 'print hash(1), hash("a")'
> may print something different?

That's a reasonable assumption, yes.  We realize that changing the
hash algorithm is a feature change, even if it is a very subtle one.

--Guido van Rossum (home page: http://www.python.org/~guido/)