[Python-Dev] Hash collision security issue (now public)

Christian Heimes lists at cheimes.de
Mon Jan 2 16:18:41 CET 2012

Am 02.01.2012 06:55, schrieb Paul McMillan:
> I think Ruby uses FNV-1 with a salt, making it less vulnerable to
> this. FNV is otherwise similar to our existing hash function.
> For the record, cryptographically strong hash functions are in the
> neighborhood of 400% slower than our existing hash function.

I've pushed a new patch

The changeset adds the murmur3 hash algorithm with some minor changes,
for example more random seeds. At first I was worried that murmur might
be slower than our old hash algorithm. But in fact it seems to be faster!

Pybench 10 rounds on my Core2 Duo 2.60:

  py3k: 3.230 sec
  randomahash: 3.182 sec


More information about the Python-Dev mailing list