[Python-Dev] Hash collision security issue (now public)

Mark Shannon mark at hotpy.org
Fri Jan 6 10:18:39 CET 2012

Serhiy Storchaka wrote:
> 06.01.12 02:10, Nick Coghlan написав(ла):
>> Not a good idea - a lot of the 3rd party tests that depend on dict
>> ordering are going to be using those modules anyway, so scattering our
>> solution across half the standard library is needlessly creating
>> additional work without really reducing the incompatibility problem.
>> If we're going to change anything, it may as well be the string
>> hashing algorithm itself.
> Changing the string hashing algorithm will hit the general performance 
> and also will break down any code that depend on dict ordering. 
> Specialized dict slow down only needed parts of some applications.

The minimal proposed change of seeding the hash from a global value (a 
single memory read and an addition) will have such a minimal performance 
effect that it will be undetectable even on the most noise-free testing 


More information about the Python-Dev mailing list