Hash collision security issue

Misc/python.man

 .TH PYTHON "1" "$Date$"
 
 .\" To view this file while editing, run it through groff:
 .\"   groff -Tascii -man python.man | less
 
 .SH NAME
 python \- an interpreted, interactive, object-oriented programming language
 .SH SYNOPSIS
 .B python
 [
@@ skipping 138 matching lines @@
 Discard docstrings in addition to the \fB-O\fP optimizations.
 .TP
 .B \-R
 Turn on "hash randomization", so that the hash() values of str, bytes and
 datetime objects are "salted" with an unpredictable pseudo-random value.
 Although they remain constant within an individual Python process, they are
 not predictable between repeated invocations of Python.
 .IP
 This is intended to provide protection against a denial of service
 caused by carefully-chosen inputs that exploit the worst case performance
-of a dict lookup, O(n^2) complexity.  See
+of a dict insertion, O(n^2) complexity.  See
 http://www.ocert.org/advisories/ocert-2011-003.html
 for details.
 .TP
 .BI "\-Q " argument
 Division control; see PEP 238.  The argument must be one of "old" (the
 default, int/int and long/long return an int or long), "new" (new
 division semantics, i.e. int/int and long/long returns a float),
 "warn" (old division semantics with a warning for int/int and
 long/long), or "warnall" (old division semantics with a warning for
 all use of the division operator).  For a use of "warnall", see the
@@ skipping 241 matching lines @@
 .IP PYTHONNOUSERSITE
 If this is set to a non-empty string it is equivalent to specifying the
 \fB\-s\fP option (Don't add the user site directory to sys.path).
 .IP PYTHONUNBUFFERED
 If this is set to a non-empty string it is equivalent to specifying
 the \fB\-u\fP option.
 .IP PYTHONVERBOSE
 If this is set to a non-empty string it is equivalent to specifying
 the \fB\-v\fP option. If set to an integer, it is equivalent to
 specifying \fB\-v\fP multiple times. 
-.IP PYTHONHASHRANDOMIZATION

[Benjamin Peterson, 2012/02/07 00:18:29]

What about the other envvar?

-If this is set to a non-empty string it is equivalent to specifying the
-\fB\-R\fP option.
+.IP PYTHONHASHSEED
+If this variable is set to "random", the effect is the same as specifying
+the \fB-R\fP option: a random value is used to seed the hashes of str,
+bytes and datetime objects.
+
+If PYTHONHASHSEED is set to an integer value, it is used as a fixed seed for
+generating the hash() of the types covered by the hash randomization.  Its
+purpose is to allow repeatable hashing, such as for selftests for the
+interpreter itself, or to allow a cluster of python processes to share hash
+values.
+
+The integer must be a decimal number in the range [0,4294967295].  Specifying
+the value 0 will lead to the same hash values as when hash randomization is
+disabled.
 .SH AUTHOR
 The Python Software Foundation: http://www.python.org/psf
 .SH INTERNET RESOURCES
 Main website:  http://www.python.org/
 .br
 Documentation:  http://docs.python.org/py3k/
 .br
 Developer resources:  http://www.python.org/dev/
 .br
 Downloads:  http://python.org/download/
 .br
 Module repository:  http://pypi.python.org/
 .br
 Newsgroups:  comp.lang.python, comp.lang.python.announce
 .SH LICENSING
 Python is distributed under an Open Source license.  See the file
 "LICENSE" in the Python source distribution for information on terms &
 conditions for accessing and otherwise using Python and for a
 DISCLAIMER OF ALL WARRANTIES.