This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author christian.heimes
Recipients benjamin.peterson, christian.heimes, miss-islington, vstinner
Date 2018-09-21.06:38:05
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
The bug affects multiple platforms. libexpat's expat.h uses slightly different autoconf macro names than pyconfig.h. Therefore only platforms that have either HAVE_GETRANDOM or _WIN32 defined, use a proper CSPRNG to seed the hash salt.

Since HAVE_SYSCALL_GETRANDOM, HAVE_ARC4RANDOM_BUF, HAVE_ARC4RANDOM, or XML_DEV_URANDOM are never defined by Python's pyconfig.h, older Linux platforms, any BSD, and any other Unix platform with /dev/urandom fall back to a weak Mersenne Twister-like RNG with gettimeofday().tv_usec and getpid() as seed.
Date User Action Args
2018-09-21 06:38:05christian.heimessetrecipients: + christian.heimes, vstinner, benjamin.peterson, miss-islington
2018-09-21 06:38:05christian.heimessetmessageid: <>
2018-09-21 06:38:05christian.heimeslinkissue34623 messages
2018-09-21 06:38:05christian.heimescreate