Doesn't that render all the preceding discussion -- in this thread and elsewhere -- about being able to discover the seed, completely redundant?
With 5.8.1 we assumed we'd fixed algorithmic complexity attacks. When it all blew up again in 2013, we looked on smugly as Python, Ruby et al scrambled to do the same stuff we'd already done years before. Then we looked more closely and realised that our 5.8.1 fix wasn't as good as it could be. Then we noticed that in addition, the 5.8.1 fix had introduced the hash bucket doubling bug. These issues were fixed. Then someone noticed that unsorted hash keys leaked the hash seed (around 3 bits per key IIRC). Proof of Concept code was written which demonstrated that the whole hash seed could be recovered based on receiving a small number of unsorted (and non-special) keys.
This meant that even with a good hash function and a random seed, it might be possible to attack. So we we added bucket perturbation too which seems to have stopped the seed leak.
(This is based on my recollections from the long discussion from 3/4 years ago).
would you share them with me privately
I'd prefer not to right now,