3

I am wondering what practical reason there is for the observed behavior in Python 2.7:

```python
import hashlib
hashlib.md5('foo') == hashlib.md5('foo')
```

Returns false. But...

```python
import hashlib
hashlib.md5('foo').hexdigest() == hashlib.md5('foo').hexdigest()
```

Returns true. I understand that the hexdigest/digest return the final string representations, but since the same data has been entered into the two hash objects directly, shouldn't they evaluate as equal to one another? Wouldn't the md5 HASH object be aware of the internal identity when the magic __eq__ methods are called? For what reason would the objects themselves evaluate inequality? Really just curious.

DeaconDesperado
  • hashlib.md5('foo') is an object, compare with its id – PasteBT Jun 28 '12 at 21:11
  • As to _why_ they didn't define `__eq__`... Well, the valid case for comparing two hash _objects_ is when you want to compare their hash _strings_, which aren't computed until you call `hexdigest()`... So you may as well compare the digests directly. – voithos Jun 28 '12 at 21:15
  • There is no support for comparing the internal intermediate state of hash objects with one another. Sure, an __eq__ method could be implemented that calls digest() on both behind the scenes to do that but it does not seem worth it. If you want to compare if two things hash the same, finalize the hashes yourself with the digest or hexdigest methods to compare them. – gps Jun 29 '12 at 18:17

2 Answers

6

There's no equality comparison for hashlib.md5 objects so, as they are different objects, the result is false.

The .hexdigest method generates a string (or byte string if you're on Python 3) and strings can be compared.

BTW:

```python
import hashlib

x = hashlib.md5('foo')
x == x # is True because it's the same object
```

JBernardo
1

The reason may be that using == to compare checksums is subject to timing attacks: https://groups.google.com/forum/?fromgroups=#!topic/keyczar-discuss/VXHsoJSLKhM (credits to jwilkins in https://stackoverflow.com/a/14487254/821378)

In a recent Python version, a function was added but I forgot if it’s for all hashes or only HMAC: http://docs.python.org/3/library/hmac#hmac.compare_digest

merwok
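The behaviours discussed in this thread, as an added example that is not part of any of the posts: hash objects compare by identity, finalized digests compare by value, and `hmac.compare_digest` (which accepts any two bytes-like values or ASCII strings, not only HMAC output) compares them without exiting at the first differing byte. It is written for Python 3, so inputs are bytes; `KEY`, `MSG` and all function names are constructed for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"      # sample key, constructed for this example
MSG = b"amount=100&to=alice"       # sample message, constructed for this example

def objects_equal(data: bytes) -> bool:
    # Hash objects define no __eq__, so == falls back to identity:
    # two separate objects are unequal even when fed identical data.
    return hashlib.md5(data) == hashlib.md5(data)

def digests_equal(data: bytes) -> bool:
    # digest() finalizes the state into bytes, which compare by value.
    return hashlib.md5(data).digest() == hashlib.md5(data).digest()

def early_exit_compare(a: bytes, b: bytes):
    """Model of a short-circuiting comparison.

    Returns (equal, bytes_examined). The work done depends on where the
    first mismatch sits, which is the data-dependent behaviour behind the
    timing concern raised in the second answer.
    """
    if len(a) != len(b):
        return False, 0
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return False, i + 1
    return True, len(a)

def make_tag(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, hashlib.sha256).digest()

def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest does not stop at the first differing byte, so its
    # running time does not reveal how much of the tag was correct.
    return hmac.compare_digest(make_tag(key, message), tag)

def flip_byte(tag: bytes, index: int) -> bytes:
    # Helper for the demonstration: corrupt exactly one byte of a tag.
    corrupted = bytearray(tag)
    corrupted[index] ^= 0x01
    return bytes(corrupted)

if __name__ == "__main__":
    tag = make_tag(KEY, MSG)
    print(objects_equal(b"foo"), digests_equal(b"foo"))
    print(early_exit_compare(tag, flip_byte(tag, 0)))
    print(early_exit_compare(tag, flip_byte(tag, len(tag) - 1)))
    print(verify_tag(KEY, MSG, tag), verify_tag(KEY, MSG, flip_byte(tag, 0)))
```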