As Carl points out in the comments, switching to the hashWithSalt method only with hash (as the original Hashable ) was supposed to allow people to mitigate DOS attacks based on hash collisions. Over a period of time, each individual run generated a different random default salt, using unsafePerformIO in the background. This lack of reproducibility turned out to be a huge problem, however, for people interested in, for example, keeping data structures in different series, getting reliable benchmarking numbers, etc.
So, the current approach is to provide this method, but it is usually deferred to a fixed salt by default, and then adds a warning to the documentation that it remains susceptible to various potential DOS attack vectors if used publicly -. (You can see for yourself in the documentation: http://hackage.haskell.org/package/hashable-1.2.1.0/docs/Data-Hashable.html )
Since hash is the classโs own method, itโs simple enough to implement an object with a โmodelessโ hash that is marked with it, and in addition, you can implement hashWithSalt as soon as xor ing with salt, if you want. Or, as comments note, you can implement hashWithSalt using the more legitimate hash method of the generated / memoed hash .