[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Python-Dev] Hashes in Python3.5 for tuples and frozensets



> On May 16, 2018, at 5:48 PM, Anthony Flury via Python-Dev <python-dev at python.org> wrote:
> 
> However the frozen set hash, the same in both cases, as is the hash of the tuples - suggesting that the vulnerability resolved in Python 3.3 wasn't resolved across all potentially hashable values.

You are correct.  The hash randomization only applies to strings.  None of the other object hashes were altered.  Whether this is a vulnerability or not depends greatly on what is exposed to users (generally strings) and how it is used.

For the most part, it is considered a feature that integers hash to themselves.  That is very fast to compute :-) Also, it tends to prevent hash collisions for consecutive integers.



Raymond