[Python-Dev] Hash collision security issue (now public)
Terry Reedy
tjreedy at udel.edu
Wed Jan 4 01:41:53 CET 2012
On 1/3/2012 5:02 PM, Bill Janssen wrote:
> Software that depends on an undefined hash function for synchronization
> and persistence deserves to break, IMO. There are plenty of
> well-defined hash functions available for this purpose.
The doc for id() now says "This is an integer which is guaranteed to be
unique and constant for this object during its lifetime." Since the
default 3.2.2 hash for my win7 64bit CPython is id-address // 16, it can
have no longer guarantee. I suggest that hash() doc say something
similar: http://bugs.python.org/issue13707
--
Terry Jan Reedy
More information about the Python-Dev
mailing list