by pilif 5280 days ago
Perl fixed this (http://www.perlmonks.org/?node_id=945526 also contains a link to a PDF detailing the issue) in 2003, when it was discussed the first time.

Ruby 1.9 was already randomizing the hashes whereas this current rediscovery of the problem caused them to fix it by randomizing in 1.8 too. Same goes for Python.

The best link to the algorithm I found on a quick search is here http://www.hardened-php.net/hphp/zend_hash_del_key_or_index_... - where the problem was discussed again in 2006.

By randomizing I mean randomizing that value for h for the lifetime you need your hashes to be consistent (until the script ends in PHP).

While you are still vulnerable to attackers who know what that random initial value is, finding that by just randomly trying to create the collisions is impractical and easily detectable.
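
The per-process randomization described in the comment above, as an added example that is not part of the original comment: a toy 64-bucket table where the initial value of h is either fixed or drawn once per process, comparing the longest bucket chain in each case. The Jenkins one-at-a-time hash is an assumption (the comment names no specific function), and `oaat`, `keys_for_seed`, `worst_chain` and the `param%d` keys are constructed for illustration.

```python
import secrets

MASK = 0xFFFFFFFF
BUCKETS = 64  # toy table size (assumption), must be a power of two

def oaat(key: bytes, seed: int) -> int:
    """Jenkins one-at-a-time hash; `seed` is the initial value of h."""
    h = seed & MASK
    for c in key:
        h = (h + c) & MASK
        h = (h + (h << 10)) & MASK
        h ^= h >> 6
    h = (h + (h << 3)) & MASK
    h ^= h >> 11
    h = (h + (h << 15)) & MASK
    return h

def bucket_loads(keys, seed):
    """Count how many keys land in each bucket for the given seed."""
    loads = [0] * BUCKETS
    for k in keys:
        loads[oaat(k, seed) & (BUCKETS - 1)] += 1
    return loads

def keys_for_seed(seed, count=32):
    """Constructed sample input: keys that all share bucket 0 under `seed`."""
    found, i = [], 0
    while len(found) < count:
        k = b"param%d" % i
        if oaat(k, seed) & (BUCKETS - 1) == 0:
            found.append(k)
        i += 1
    return found

FIXED_SEED = 0  # the "known initial value" case
clustered = keys_for_seed(FIXED_SEED)

def worst_chain(seed):
    """Longest bucket chain the clustered keys produce under `seed`."""
    return max(bucket_loads(clustered, seed))

if __name__ == "__main__":
    # Drawn once and kept until exit, so lookups stay consistent.
    process_seed = secrets.randbits(32)
    print("fixed seed  worst chain:", worst_chain(FIXED_SEED))
    print("random seed worst chain:", worst_chain(process_seed))
```

The worst-chain figure is also the quantity to watch operationally: a chain far longer than the table's average load is the signal that keys are clustering.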