Project

General

Profile

Bug #4103

String#hash not returning consistent values in different sessions

Added by ryanong (Ryan Ong) over 9 years ago. Updated about 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
ruby -v:
ruby 1.9.2p0 (2010-08-18 revision 29036) [i386-darwin10.4.0]
Backport:
[ruby-core:33491]

Description

=begin
I open one irb session

ruby-1.9.2-p0 > 'test'.hash
=> -658842761
ruby-1.9.2-p0 > 'test'.hash
=> -658842761

The second time I open it

ruby-1.9.2-p0 > 'test'.hash
=> 11032433
ruby-1.9.2-p0 > 'test'.hash
=> 11032433

I have no clue if this is on purpose or not but in 1.8.7 it was consistent across different sessions.
=end

#1

Updated by naruse (Yui NARUSE) over 9 years ago

=begin
Hi,

(2010/12/01 0:30), Ryan Ong wrote:

I open one irb session

ruby-1.9.2-p0> 'test'.hash => -658842761 ruby-1.9.2-p0>
'test'.hash => -658842761

The second time I open it

ruby-1.9.2-p0> 'test'.hash => 11032433 ruby-1.9.2-p0> 'test'.hash
=> 11032433

I have no clue if this is on purpose or not but in 1.8.7 it was
consistent across different sessions.

It is intended. Ruby 1.9 explicitly use session local random seed
to calculate a hash for strings (and some other objects).

This is because the implementation of Object#hash is different
between versions (like 1.9.1 and 1.9.2) and implementations
(like JRuby, Rubinius, IronRuby, and so on). We want people to
write portable code around Object#hash, so we did so.

You should use Digest::SHA256 or some other digest routines
when you want some hash value (message digest).

--
NARUSE, Yui naruse@airemix.jp

=end

#2

Updated by shyouhei (Shyouhei Urabe) over 9 years ago

  • Status changed from Open to Closed
#3

Updated by duerst (Martin Dürst) over 9 years ago

=begin
On 2010/12/01 2:07, NARUSE, Yui wrote:

It is intended. Ruby 1.9 explicitly use session local random seed
to calculate a hash for strings (and some other objects).

This is because the implementation of Object#hash is different
between versions (like 1.9.1 and 1.9.2) and implementations
(like JRuby, Rubinius, IronRuby, and so on). We want people to
write portable code around Object#hash, so we did so.

Also, it helps to avoid some denial of service attacks, such as
registering hundreds and thousands of users with usernames that have the
same hash code.

Regards, Martin.

--
#-# Martin J. Dürst, Professor, Aoyama Gakuin University
#-# http://www.sw.it.aoyama.ac.jp mailto:duerst@it.aoyama.ac.jp

=end

Also available in: Atom PDF