In Python 3.3, the hash seed is not cryptographically strong; it is generated at startup with the following pseudo-random generator:
/* Fill buffer with pseudo-random bytes generated by a linear congruent
generator (LCG):
x(n+1) = (x(n) * 214013 + 2531011) % 2^32
Use bits 23..16 of x(n) to generate a byte. */
static void
lcg_urandom(unsigned int x0, unsigned char *buffer, size_t size)
{
size_t index;
unsigned int x;
x = x0;
for (index=0; index < size; index++) {
x *= 214013;
x += 2531011;
/* modulo 2 ^ (8 * sizeof(int)) */
buffer[index] = (x >> 16) & 0xff;
}
}
which is not cryptographically strong.
There are also other problems with the hash seeding that still made it possible to force collisions.
Python 3.4 addressed these issues by introducing a more secure hashing algorithm by default, and made it pluggable.
If you need cryptographically strong random numbers in your program use random.SystemRandom()
or os.urandom()
instead.