[mod_python] odd behaviour of the md5-module in modpy

Nikolaus Schlemm nikl at nikl.net
Tue Jun 27 06:54:44 EDT 2006

Am Dienstag, 27. Juni 2006 09:04 schrieb Deron Meranda:
> On 6/27/06, Mike Looijmans <nlv11281 at natlab.research.philips.com> wrote:
> > I'm using a 64-bit AMD linux machine here - and I'm doing lots of MD5
> > checksumming without problems  while processing terabytes of data.
in modpython? I only have the problem there not in "regular" python..

> > I can probably use some 64 bit intel as well, but in the hundreds of
> > mails I got during my vacation, I lost track of the original post for
> > this problem.
I found the problem while moving a django powered site from django's builtin 
dev-server to an modpy setup - it was complaining that I had tampered with 
the session cookies. md5 is used in django for generating a) session ids and 
b) as a checksum for the session data. when I saw that the session ids looked 
odd, I first tried to generate some md5-hashes in django and when they were 
flawed, I wrote the little test-handler Deron quoted.

In django I got "solved" the problem by generating the hashes with sha instead 
of md5 - but that's only a little hack, not a solution ;) but at least this 
is not a blocker right now. also not that other django-users on irc have the 
same problem. unfortunately, I forgot to ask them for details like arch, 
distro, versions.

> Good to hear it's working for you on AMD 64-bit.
> Just a quick summary of of the emails so far about what Nikolaus is
> seeing, on two machines I believe.  (Nikl, correct me if I'm wrong)

> One is a debian Linux (celeron 2ghz), the other ubuntu Linux (opteron
> 144).  The Ubuntu Linux is 64-bit with python 2.4.3-1ubuntu1 and
> libapache2-mod-python-3.1.4-0ubuntu1 (both stock from the distro).
> When he does MD5s, he always gets the same bogus hexdigest value
> regardless of input, namely 0000000000000000d09215a3e97561b3 in his
> report.  Supposedly the value will be different on each mod_python
> request (but constant for every MD5 within the same request).  Also,
> although random the initial half is always zeros.  The confusing part
> is that when he runs Python outside of mod_python (such as
> interactively) MD5s always work correctly.  Supposedly SHAs work
> regardless.
> He ran a simple test handler:
>   def handler(req):
>        import md5
>        req.content_type = 'text/plain'
>        req.write('md5: %s\n' % md5.__file__)
>        for k, v in MD5_TESTS.items():
>            m = md5.new(k).hexdigest()
>            req.write('"%s" -> "%s" ? %s\n' % (k, m, (m == v)))
>        return apache.OK
> Using RFC 1321 test vectors.  MD5s were all wrong.
> I had him dump sys.modules, as well as looking at /proc/xxxx/map for
> the httpd process, and saw nothing unusual.  The md5.so module is
> loaded into the process from the expected Python lib-dynload standard
> path.
> I did see that his Apache has a ton of modules loaded though (many
> PHP, MySQL, X11, etc), so I've recommended he run a stripped-down
> apache.  Haven't heard results yet.
unfortunately I can't strip down the apache as those dependencies are used by 
my clients and I don't have any spare machines right now... :( might be 
possible in a couple days though :)


More information about the Mod_python mailing list