[Python-Dev] Hash collision security issue (now public)
ned at nedbatchelder.com
Thu Dec 29 17:25:37 CET 2011
On 12/28/2011 9:09 PM, Raymond Hettinger wrote:
> Also, randomizing the hash wreaks havoc on doctests, book examples
> not matching actual dict reprs, and on efforts by users to optimize
> the insertion order into dicts with frequent lookups.
I don't have a strong opinion about what to do about this vulnerability,
but I know that none of these three reasons are a good reason to not
change anything. Dictionary key order has never been guaranteed, and
changes from time to time. Any code relying on it is broken to begin
with. This is one of the reasons not to use doctests in the first place:
comparing dicts textually has always been silly.