[Python-Dev] Status of the fix for the hash collision vulnerability
solipsis at pitrou.net
Sat Jan 14 09:33:28 CET 2012
On Sat, 14 Jan 2012 13:55:22 +1100
Steven D'Aprano <steve at pearwood.info> wrote:
> On 14/01/12 12:58, Gregory P. Smith wrote:
> > I do like *randomly seeding the hash*. *+1*. This is easy. It can easily be
> > back ported to any Python version.
> > It is perfectly okay to break existing users who had anything depending on
> > ordering of internal hash tables. Their code was already broken.
> For the record:
> steve at runes:~$ python -c "print(hash('spam ham'))"
> steve at runes:~$ jython -c "print(hash('spam ham'))"
Not to mention:
$ ./python -c "print(hash('spam ham'))"
More information about the Python-Dev