[Python-Dev] Hash collision security issue (now public)

Paul McMillan paul at mcmillan.ws
Mon Jan 2 00:49:14 CET 2012


> Different concern. What if someone were to have code implementing an
> external, persistent hash table, using Python's hash() function? They might
> have a way to rehash everything when a new version of Python comes along,
> but they would not be happy if hash() is different in each process. I
> somehow vaguely remember possibly having seen such code, or something else
> where a bit of random data was needed and hash() was used since it's so
> easily available.

I agree that there are use cases for allowing users to choose the
random seed, in much the same way it's helpful to be able to set it
for the random number generator. This should probably be something
that can be passed in at runtime. This feature would also be useful
for users who want to synchronize the hashes of multiple independent
processes, for whatever reason. For the general case though,
randomization should be on by default.

-Paul
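
An added example, not part of the original message: CPython later exposed the seed control discussed above as the PYTHONHASHSEED environment variable. The sketch below shows str hashes differing between processes under a random seed and agreeing when the seed is pinned, plus a hashlib-based bucket function for the persistent-table case raised in the quoted text; the names child_hash and stable_bucket and the sample key are assumptions made for illustration.

```python
import hashlib
import os
import subprocess
import sys

# One-liner run in a fresh interpreter: print hash() of the first argument.
PROBE = "import sys; print(hash(sys.argv[1]))"


def child_hash(key, seed):
    """Return hash(key) as computed by a separate Python process.

    seed is the value given to PYTHONHASHSEED: "random", or a decimal
    integer that pins the seed so independent processes agree.
    """
    env = dict(os.environ, PYTHONHASHSEED=seed)
    out = subprocess.run(
        [sys.executable, "-c", PROBE, key],
        env=env, check=True, capture_output=True, text=True,
    )
    return int(out.stdout)


def stable_bucket(key, buckets):
    """Bucket index for an external, persistent table.

    Derived from SHA-256 rather than hash(), so it is identical in every
    process and every Python version, whatever the hash seed is.
    """
    digest = hashlib.sha256(key.encode("utf-8")).digest()
    return int.from_bytes(digest[:8], "big") % buckets


if __name__ == "__main__":
    key = "session-id"  # constructed sample key
    # Randomized (the default being argued for): values differ per process.
    print("random:", child_hash(key, "random"), child_hash(key, "random"))
    # Pinned seed: independent processes produce the same hash.
    print("pinned:", child_hash(key, "12345"), child_hash(key, "12345"))
    # Persistent storage should not depend on hash() at all.
    print("bucket:", stable_bucket(key, 1024))
```

A pinned seed is predictable to anyone who learns it, so it restores reproducibility at the cost of the collision protection that randomization provides.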

