hash romdomization is introduced at r17465 by akr.
akr explained it is for algorithmic complexity attack in  [ruby-dev:37778].

http://www.cs.rice.edu/~scrosby/hash/CrosbyWallach_UsenixSec2003/



2013/3/21 "Martin J. D=FCrst" <duerst / it.aoyama.ac.jp>

> Hello Shota,
>
>
> On 2013/03/21 9:50, Shota Fukumori (sora_h) wrote:
>
>> On Thu, Mar 21, 2013 at 9:03 AM, Charles Oliver Nutter
>> <headius / headius.com>  wrote:
>>
>>> My question for ruby-core: at what point did you decide to make hash
>>> for e.g. nil not be a single value (it was "4" in 1.8.7 and
>>> different/random in 1.9.3+), and why did you do it?
>>>
>>
>> Wait, `nil.id` returns NoMethodError, `nil.__id__` returns '4' (1.9.3)
>> or '8' (2.0.0+),
>> not a random value.
>>
>
> The question is about nil.hash, not about nil.__id__.
>
> Regards,   Martin.
>
>


--=20
NARUSE, Yui  <naruse / airemix.jp>