[Python-Dev] Hash collision security issue (now public)

Guido van Rossum guido at python.org
Sun Jan 1 00:56:00 CET 2012

ISTM the only reasonable thing is to have a random seed picked very early
in the process, to be used to change the hash() function of
str/bytes/unicode (in a way that they are still compatible with each other).

The seed should be unique per process except it should survive fork() (but
not exec()). I'm not worried about unrelated processes needing to have the
same hash(), but I'm not against offering an env variable or command line
flag to force the seed.

I'm not too concerned about a 3rd party being able to guess the random seed
-- this would require much more effort on their part, since they would have
to generate a new set of colliding keys each time they think they have
guessed the hash (as long as they can't force the seed -- this actually
argues slightly *against* offering a way to force the seed, except that we
have strong backwards compatibility requirements).

We need to fix this as far back as Python 2.6, and it would be nice if a
source patch was available that works on Python 2.5 -- personally I do have
a need for a 2.5 fix and if nobody creates one I will probably end up
backporting the fix from 2.6 to 2.5.

Is there a tracker issue yet? The discussion should probably move there.

PS. I would propose a specific fix but I can't seem to build a working
CPython from the trunk on my laptop (OS X 10.6, Xcode 4.1). I get this
error late in the build:

./python.exe -SE -m sysconfig --generate-posix-vars
Fatal Python error: Py_Initialize: can't initialize sys standard streams
Traceback (most recent call last):
  File "/Users/guido/cpython/Lib/io.py", line 60, in <module>
make: *** [Lib/_sysconfigdata.py] Abort trap

--Guido van Rossum (python.org/~guido)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20111231/a67c3c8d/attachment.html>

More information about the Python-Dev mailing list