[ python-Bugs-1123660 ] add SHA256/384/512 to lib
SourceForge.net
noreply at sourceforge.net
Thu Feb 17 01:55:50 CET 2005
Bugs item #1123660, was opened at 2005-02-15 23:14
Message generated for change (Comment added) made by tjreedy
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1123660&group_id=5470
Category: Python Library
Group: Feature Request
Status: Open
Resolution: None
Priority: 5
Submitted By: paul rubin (phr)
Assigned to: Nobody/Anonymous (nobody)
Summary: add SHA256/384/512 to lib
Initial Comment:
According to
http://www.schneier.com/blog/archives/2005/02/sha1_broken.html
some Chinese researchers have just announced a break
against SHA1. These are the same guys who broke MD5 a
few months ago and the SHA1 break, while not exactly
expected, is also not really shocking at this point.
The break allows finding a free collision in the full
SHA1 in O(2**69) operations, still an awful lot in
practice. So nobody should panic. But it means that
new applications probably want to use SHA256, SHA384,
or SHA512, which were standardized by NIST at the same
time AES was standardized, as successors to SHA1. The
hash lengths are 256, 384, or 512 bits respectively,
and correspond to 2x the AES key lengths of 128, 192,
or 384 bits. Their design is strengthened from SHA1 to
resist attacks like this. On the other hand, they are
slower than SHA1.
Anyway, there are various free implementations of the
algorithms around (libtomcrypt.org has some public
domain versions) so it should be straightforward enough
to transplant the Python C API wrapper from sha.c to it.
I think it's reasonable to put these all into the
existing sha module, rather than make a new module.
They could be called by adding an optional arg to sha.new:
x = sha.new(data, 256).digest()
would find the sha256 digest, etc.
Note that sha512 and sha384 are the same algorithm,
with different initial parameters and with 128 bits
discarded for sha384.
----------------------------------------------------------------------
Comment By: Terry J. Reedy (tjreedy)
Date: 2005-02-16 19:55
Message:
Logged In: YES
user_id=593130
This is, of course, an RFE -- request for enhancement -- and
not at all a bug report. Will SF let you reclassify it? I
suspect your request is reasonable, but if you leave it here, it
may get closed as Invalid -- not a bug.
If you really want this to happen, I suspect you know the
drill: submit a patch and help review others. What you may
not know it that 'public domain' is mostly not acceptible for
contributions. The PSF's paid lawyer considers it bogus for
modern creations other than government work. What the
PSF does want is stuff licensed under specific open source
licenses and specifically contributed to Python by the
author. There also needs to be a code maintainer. Getting
all this takes more work that just visiting a site.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1123660&group_id=5470
More information about the Python-bugs-list
mailing list