[Python-Dev] Hashes in Python3.5 for tuples and frozensets
Raymond Hettinger
raymond.hettinger at gmail.com
Wed May 16 18:10:07 EDT 2018
> On May 16, 2018, at 5:48 PM, Anthony Flury via Python-Dev <python-dev at python.org> wrote:
>
> However the frozen set hash, the same in both cases, as is the hash of the tuples - suggesting that the vulnerability resolved in Python 3.3 wasn't resolved across all potentially hashable values.
You are correct. The hash randomization only applies to strings. None of the other object hashes were altered. Whether this is a vulnerability or not depends greatly on what is exposed to users (generally strings) and how it is used.
For the most part, it is considered a feature that integers hash to themselves. That is very fast to compute :-) Also, it tends to prevent hash collisions for consecutive integers.
Raymond
More information about the Python-Dev
mailing list