Why Do Python 3.3 Hash Values Differ Between Sessions?
Hash Function in Python 3.3: Why Different Results are Returned Between Sessions
In Python 3.3, the internal hash() function behaves unexpectedly, returning different hash values for the same string in different sessions. This phenomenon stems from Python's use of a random hash seed as a security measure.
The random hash seed is employed to prevent attackers from exploiting predictable keys that could cause tar-pitting attacks. By adding a random offset to the hash, attackers cannot anticipate which keys will collide.
To control the behavior of the hash function, the PYTHONHASHSEED environment variable can be set. A fixed positive seed can be specified to deter randomness, while setting it to 0 disables the seed offset entirely.
Prior to Python 3.3, the random hash seed was disabled; however, it became enabled by default. This change affects not only sets but also dictionaries in Python versions 3.5 and earlier.
Furthermore, object.__hash__() has a special behavior:
- For str, bytes, and datetime objects, the hash values are "salted" with an unpredictable value, making them consistent within a process but unpredictable across sessions.
- This measure prevents denial-of-service attacks based on exploiting worst-case dictionary insertion.
It is important to note that hash values impact the iteration order of mappings such as dicts and sets. However, such ordering is not guaranteed by Python and may vary between different builds and versions.
For consistent hashing, consider using the hashlib module, which provides cryptographic hash functions. Additionally, pybloom utilizes this approach for stability.
While the random hash seed offset makes it difficult for attackers to determine the offset, it also prevents the storage of the offset itself. However, this ensures that attackers cannot use timing attacks to determine the seed.
The above is the detailed content of Why Do Python 3.3 Hash Values Differ Between Sessions?. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
How to solve the permissions problem encountered when viewing Python version in Linux terminal?
Apr 01, 2025 pm 05:09 PM
Solution to permission issues when viewing Python version in Linux terminal When you try to view Python version in Linux terminal, enter python...
How to avoid being detected by the browser when using Fiddler Everywhere for man-in-the-middle reading?
Apr 02, 2025 am 07:15 AM
How to avoid being detected when using FiddlerEverywhere for man-in-the-middle readings When you use FiddlerEverywhere...
How to teach computer novice programming basics in project and problem-driven methods within 10 hours?
Apr 02, 2025 am 07:18 AM
How to teach computer novice programming basics within 10 hours? If you only have 10 hours to teach computer novice some programming knowledge, what would you choose to teach...
How to efficiently copy the entire column of one DataFrame into another DataFrame with different structures in Python?
Apr 01, 2025 pm 11:15 PM
When using Python's pandas library, how to copy whole columns between two DataFrames with different structures is a common problem. Suppose we have two Dats...
How does Uvicorn continuously listen for HTTP requests without serving_forever()?
Apr 01, 2025 pm 10:51 PM
How does Uvicorn continuously listen for HTTP requests? Uvicorn is a lightweight web server based on ASGI. One of its core functions is to listen for HTTP requests and proceed...
How to handle comma-separated list query parameters in FastAPI?
Apr 02, 2025 am 06:51 AM
Fastapi ...
How to solve permission issues when using python --version command in Linux terminal?
Apr 02, 2025 am 06:36 AM
Using python in Linux terminal...
How to get news data bypassing Investing.com's anti-crawler mechanism?
Apr 02, 2025 am 07:03 AM
Understanding the anti-crawling strategy of Investing.com Many people often try to crawl news data from Investing.com (https://cn.investing.com/news/latest-news)...
