[Python-Dev] Hash collision security issue (now public)

Christian Heimes lists at cheimes.de
Thu Dec 29 23:50:16 CET 2011

Am 29.12.2011 23:28, schrieb Terry Reedy:
> As I understood the talk (actually, the bit of Perl interpreter C code 
> shown), the randomization is to change hash(s) to hash(salt+s) so that 
> the salt is completely mixed into the hash from the beginning, rather 
> than just tacked on at the end.

Yes, the Perl and Ruby code uses a random seed as IV for hash
generation. It's the best way to create randomized hashes but it might
not be a feasible fix for Python 2.x. I'm worried that it might break
applications that rely on stable hash values.

More information about the Python-Dev mailing list