[Python-Dev] Status of the fix for the hash collision vulnerability
Antoine Pitrou
solipsis at pitrou.net
Sat Jan 14 09:33:28 CET 2012
On Sat, 14 Jan 2012 13:55:22 +1100
Steven D'Aprano <steve at pearwood.info> wrote:
> On 14/01/12 12:58, Gregory P. Smith wrote:
>
> > I do like *randomly seeding the hash*. *+1*. This is easy. It can easily be
> > back ported to any Python version.
> >
> > It is perfectly okay to break existing users who had anything depending on
> > ordering of internal hash tables. Their code was already broken.
>
> For the record:
>
> steve at runes:~$ python -c "print(hash('spam ham'))"
> -376510515
> steve at runes:~$ jython -c "print(hash('spam ham'))"
> 2054637885
Not to mention:
$ ./python -c "print(hash('spam ham'))"
-6071355389066156083
(64-bit CPython)
Regards
Antoine.
More information about the Python-Dev
mailing list