[Python-Dev] Hash collision security issue (now public)
tjreedy at udel.edu
Sat Jan 7 21:53:29 CET 2012
On 1/7/2012 12:57 PM, Christian Heimes wrote:
> Am 07.01.2012 12:02, schrieb Stefan Behnel:
>> Admittedly, this may require some adaptation for the PEP393 unicode memory
>> layout in order to produce identical hashes for all three representations
>> if they represent the same content. So it's not a drop-in replacement.
> Is this condition required and implemented at the moment?
If o1 == o2, then hash(o1) == hash(o2) is an unstated requirement
implied by "They [hash values] are used to quickly compare dictionary
keys during a dictionary lookup." since hash(o1) != hash(o2) is taken to
mean o1 != o2 (whereas hash(o1) == hash(o2) is taken to mean o1 == o2 is
possible but must be checked). Hashing should be a coarsening of == as
an equivalence relationship.
Terry Jan Reedy
More information about the Python-Dev