[Python-Dev] Hash collision security issue (now public)

Terry Reedy tjreedy at udel.edu
Sat Jan 7 21:53:29 CET 2012

On 1/7/2012 12:57 PM, Christian Heimes wrote:
> Am 07.01.2012 12:02, schrieb Stefan Behnel:

>> Admittedly, this may require some adaptation for the PEP393 unicode memory
>> layout in order to produce identical hashes for all three representations
>> if they represent the same content. So it's not a drop-in replacement.
> Is this condition required and implemented at the moment?

If o1 == o2, then hash(o1) == hash(o2) is an unstated requirement 
implied by "They [hash values] are used to quickly compare dictionary 
keys during a dictionary lookup." since hash(o1) != hash(o2) is taken to 
mean o1 != o2 (whereas hash(o1) == hash(o2) is taken to mean o1 == o2 is 
possible but must be checked). Hashing should be a coarsening of == as 
an equivalence relationship.

Terry Jan Reedy

More information about the Python-Dev mailing list