hashlib suddenly broken

Steven D'Aprano steve+comp.lang.python at pearwood.info
Thu Sep 18 13:07:35 EDT 2014


Larry Martell wrote:

> I am on a mac running 10.8.5, python 2.7
> 
> Suddenly, many of my scripts started failing with:
> 
> ValueError: unsupported hash type sha1
[...]
> This just started happening yesterday, and I cannot think of anything
> that I've done that could cause this.

Ah, the ol' "I didn't change anything, I swear!" excuse *wink*

But seriously... did you perhaps upgrade Python prior to yesterday? Or
possibly an automatic update ran?

Check the creation/last modified dates on:

/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/hashlib.py


but I expect that's probably not where the problem lies. My *wild guess* is
that your system updated SSL, and removed some underlying SHA-1 library
needed by hashlib. SHA-1 is pretty old, and there is now a known attack on
it, so some over-zealous security update may have removed it.

If that's the case, it really is over-zealous, for although SHA-1 is
deprecated, the threat is still some years away. Microsoft, Google and
Mozilla have all announced that they will continue accepting it until 2017.
I can't imagine why Apple would remove it so soon.

-- 
Steven
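
A diagnostic for the two checks suggested above, added here as an example and not part of the original message: it reports where hashlib.py lives and when it was last modified, which OpenSSL build Python is linked against, and whether each hash constructor still works and passes a known-answer test. The function names (probe_algorithm, optional_import, hashlib_report) are made up for this example.

```python
import hashlib
import os
import time

# Published known-answer digests of b"abc" (RFC 1321, FIPS 180 test vectors).
KNOWN_ABC = {
    "md5": "900150983cd24fb0d6963f7d28e17f72",
    "sha1": "a9993e364706816aba3e25717850c26c9cd0d89d",
    "sha256": "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
}


def probe_algorithm(name, new=hashlib.new):
    """Return (status, detail) for one hash name in KNOWN_ABC.

    "unsupported" means the constructor raised ValueError (the error in the
    post); "wrong-digest" means it ran but failed the known-answer check.
    """
    try:
        digest = new(name, b"abc").hexdigest()
    except ValueError as exc:
        return "unsupported", str(exc)
    if digest != KNOWN_ABC[name]:
        return "wrong-digest", digest
    return "ok", digest


def optional_import(module, attr):
    """Return an attribute of a module that may itself fail to import."""
    try:
        return getattr(__import__(module), attr, "built-in")
    except ImportError as exc:
        return "import failed: %s" % exc


def hashlib_report():
    """Facts that separate a changed hashlib.py from a changed OpenSSL build."""
    path = hashlib.__file__
    return {
        "hashlib_path": path,
        "hashlib_mtime": time.ctime(os.path.getmtime(path)),
        "_hashlib_path": optional_import("_hashlib", "__file__"),
        "openssl_version": optional_import("ssl", "OPENSSL_VERSION"),
        "algorithms": {n: probe_algorithm(n)[0] for n in sorted(KNOWN_ABC)},
    }


if __name__ == "__main__":
    for key, value in sorted(hashlib_report().items()):
        print("%-16s %s" % (key, value))
```

An "unsupported" status next to a recent hashlib_mtime points at the Python installation; an "unsupported" status with an old hashlib_mtime and a new openssl_version or a failed _hashlib import points at the SSL library.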



