The hash collision seed we use in the hash function is completely useless as the following email I received shows how it is trivial to find seed-independent collisions. The original email follows:

From: Martin Schönert

On the "Redis Security" Topic page you write:

For instance an attacker could supply, via a web form, a set of strings that is known to hash to the same bucket into an hash table in order to turn the O(1) expected time (the average time) to the O(N) worst case, consuming more CPU than expected, and ultimately causing a Denial of Service. To prevent this specific attack, Redis uses a per-execution pseudo-random seed to the hash function. Unfortunately the structure of the hash functions and the way the seed is used still leaves it open to attacks (if the
keys are all of the same length). This is demonstrated by the attached file.

https://gist.github.com/3076234