Prevent Hash DoS in Python
$ export PYTHONHASHSEED=random Makes hashes of types unpredictable across #python invocations, making your app more secure to DOS attacks.
— Anand B Pillai (@pythonhacker) September 5, 2013
Denial of Service through hash table multi-collisions, or Hash DoS, was first reported on 28-Dec-2011 [1].
Python and Ruby are partially vulnerable, depending on version or whether the server running the code is a 32-bit or 64-bit machine. Python 2 does not provide a random value for PYTHONHASHSEED by default [2]; this behaviour changed in Python 3 [3], where random is the default value.
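To check what a given PYTHONHASHSEED setting does on a deployment, the following added example (not from the original post) starts fresh interpreters under each setting and compares the hash of one string across invocations. It assumes a Python 3 interpreter; the sample key and the function names `probe`, `hashes_vary` and `audit` are constructed for illustration.

```python
import os
import subprocess
import sys

# Constructed sample key; str hashing is what the seed affects.
PROBE = "import sys; print(hash('constructed-sample-key'), sys.flags.hash_randomization)"


def probe(seed):
    """Start a fresh interpreter with PYTHONHASHSEED=seed (None leaves it unset).

    Returns (hash of the sample key, sys.flags.hash_randomization) from the child.
    """
    env = dict(os.environ)
    env.pop("PYTHONHASHSEED", None)
    if seed is not None:
        env["PYTHONHASHSEED"] = seed
    out = subprocess.run(
        [sys.executable, "-c", PROBE],
        env=env, capture_output=True, text=True, check=True,
    ).stdout.split()
    return int(out[0]), int(out[1])


def hashes_vary(seed, runs=5):
    """True if the sample key hashes differently across `runs` invocations."""
    return len({probe(seed)[0] for _ in range(runs)}) > 1


def audit():
    """Map each seed setting to (flag reported by child, hashes actually vary)."""
    settings = [("unset", None), ("random", "random"), ("0", "0"), ("42", "42")]
    return {
        label: (probe(seed)[1], hashes_vary(seed))
        for label, seed in settings
    }


if __name__ == "__main__":
    for label, (flag, varies) in audit().items():
        print(f"PYTHONHASHSEED={label:<6} flag={flag} hashes_vary={varies}")
```

A fixed non-zero seed such as 42 still reports `sys.flags.hash_randomization` as 1 while producing the same hashes on every run, so audit the environment variable itself rather than relying on the flag alone.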
References
[1] | https://web.archive.org/web/20140606214923/https://www.nruns.com/_downloads/advisory28122011.pdf |
[2] | http://docs.python.org/2/using/cmdline.html#envvar-PYTHONHASHSEED |
[3] | http://docs.python.org/3/using/cmdline.html#envvar-PYTHONHASHSEED |