hashlib suddenly broken
Larry Martell
larry.martell at gmail.com
Thu Sep 18 15:22:04 EDT 2014
On Thu, Sep 18, 2014 at 11:07 AM, Steven D'Aprano
<steve+comp.lang.python at pearwood.info> wrote:
> Larry Martell wrote:
>
>> I am on a mac running 10.8.5, python 2.7
>>
>> Suddenly, many of my scripts started failing with:
>>
>> ValueError: unsupported hash type sha1
> [...]
>> This just started happening yesterday, and I cannot think of anything
>> that I've done that could cause this.
>
> Ah, the ol' "I didn't change anything, I swear!" excuse *wink*
>
> But seriously... did you perhaps upgrade Python prior to yesterday? Or
> possibly an automatic update ran?
No, I did not upgrade or install anything.
> Check the creation/last modified dates on:
>
> /System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/hashlib.py
That was in my original post:
$ ls -l /System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/hashlib.py
-rw-r--r-- 1 root wheel 5013 Apr 12 2013
/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/hashlib.py
> but I expect that's probably not where the problem lies. My *wild guess* is
> that your system updated SSL, and removed some underlying SHA-1 library
> needed by hashlib. SHA-1 is pretty old, and there is now a known attack on
> it, so some over-zealous security update may have removed it.
>
> If that's the case, it really is over-zealous, for although SHA-1 is
> deprecated, the threat is still some years away. Microsoft, Google and
> Mozilla have all announced that they will continue accepting it until 2017.
> I can't imagine why Apple would removed it so soon.
So you know how I could check and see if I have SHA-1 and when my SSL
was updated?
More information about the Python-list
mailing list