[Python-Dev] Hash collision security issue (now public)

Terry Reedy tjreedy at udel.edu
Wed Jan 4 01:41:53 CET 2012

On 1/3/2012 5:02 PM, Bill Janssen wrote:

> Software that depends on an undefined hash function for synchronization
> and persistence deserves to break, IMO.  There are plenty of
> well-defined hash functions available for this purpose.

The doc for id() now says "This is an integer which is guaranteed to be 
unique and constant for this object during its lifetime." Since the 
default 3.2.2 hash for my win7 64bit CPython is id-address // 16, it can 
have no longer guarantee. I suggest that hash() doc say something 
similar: http://bugs.python.org/issue13707

Terry Jan Reedy

More information about the Python-Dev mailing list