Message 150650 - Python tracker (original) (raw)

At least for Python 2.x hash(str) and hash(unicode) have to yield the same result for ASCII only strings.

Ah yes, I forgot Python 2: I wrote my patch for Python 3.3. The two hash functions should be modified to be randomized.

hash("") should always return 0

Ok, I can add a special case. Antoine told me that hash("") gives prefix ^ suffix, which is too much information for the attacker :-)

for small strings we could use a different seed than for larger strings

Why? The attack doesn't work with short strings? What do you call a "short string"?