Project

General

Profile

Actions

Bug #4103

closed

String#hash not returning consistent values in different sessions

Added by ryanong (Ryan Ong) over 11 years ago. Updated about 11 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
ruby -v:
ruby 1.9.2p0 (2010-08-18 revision 29036) [i386-darwin10.4.0]
Backport:
[ruby-core:33491]

Description

=begin
I open one irb session

ruby-1.9.2-p0 > 'test'.hash
=> -658842761
ruby-1.9.2-p0 > 'test'.hash
=> -658842761

The second time I open it

ruby-1.9.2-p0 > 'test'.hash
=> 11032433
ruby-1.9.2-p0 > 'test'.hash
=> 11032433

I have no clue if this is on purpose or not but in 1.8.7 it was consistent across different sessions.
=end

Actions #1

Updated by naruse (Yui NARUSE) over 11 years ago

=begin
Hi,

(2010/12/01 0:30), Ryan Ong wrote:

I open one irb session

ruby-1.9.2-p0> 'test'.hash => -658842761 ruby-1.9.2-p0>
'test'.hash => -658842761

The second time I open it

ruby-1.9.2-p0> 'test'.hash => 11032433 ruby-1.9.2-p0> 'test'.hash
=> 11032433

I have no clue if this is on purpose or not but in 1.8.7 it was
consistent across different sessions.

It is intended. Ruby 1.9 explicitly use session local random seed
to calculate a hash for strings (and some other objects).

This is because the implementation of Object#hash is different
between versions (like 1.9.1 and 1.9.2) and implementations
(like JRuby, Rubinius, IronRuby, and so on). We want people to
write portable code around Object#hash, so we did so.

You should use Digest::SHA256 or some other digest routines
when you want some hash value (message digest).

--
NARUSE, Yui

=end

Actions #2

Updated by shyouhei (Shyouhei Urabe) over 11 years ago

  • Status changed from Open to Closed
Actions #3

Updated by duerst (Martin Dürst) over 11 years ago

=begin
On 2010/12/01 2:07, NARUSE, Yui wrote:

It is intended. Ruby 1.9 explicitly use session local random seed
to calculate a hash for strings (and some other objects).

This is because the implementation of Object#hash is different
between versions (like 1.9.1 and 1.9.2) and implementations
(like JRuby, Rubinius, IronRuby, and so on). We want people to
write portable code around Object#hash, so we did so.

Also, it helps to avoid some denial of service attacks, such as
registering hundreds and thousands of users with usernames that have the
same hash code.

Regards, Martin.

--
#-# Martin J. Dürst, Professor, Aoyama Gakuin University
#-# http://www.sw.it.aoyama.ac.jp mailto:

=end

Actions

Also available in: Atom PDF