[Python-Dev] Hash collision security issue (now public)

Ned Batchelder ned at nedbatchelder.com
Thu Dec 29 17:25:37 CET 2011

On 12/28/2011 9:09 PM, Raymond Hettinger wrote:
> Also, randomizing the hash wreaks havoc on doctests, book examples
> not matching actual dict reprs, and on efforts by users to optimize
> the insertion order into dicts with frequent lookups.
I don't have a strong opinion about what to do about this vulnerability, 
but I know that none of these three reasons are a good reason to not 
change anything.  Dictionary key order has never been guaranteed, and 
changes from time to time.  Any code relying on it is broken to begin 
with. This is one of the reasons not to use doctests in the first place: 
comparing dicts textually has always been silly.


More information about the Python-Dev mailing list